The revelation that oil giant BP experienced an information leak of 13,000 claimants' data in the Gulf of Mexico trial, due to the theft of a laptop, should serve as a reminder for Australian companies to step up encryption, advises a local security expert.
Sophos Asia Pacific head of technology, Paul Ducklin, told Computerworld Australia that individuals and companies should remain vigilant rather than waiting for someone else to experience a data breach before taking action.
"We all need to lift our game, even in countries like Australia, where security breaches can simply be swept under the carpet thanks to the lack of mandatory disclosure laws," he said. "It is because disclosure laws are not mandatory, organisations are being squeezed by budgetary pressures to do as little as possible about encryption-related security.
"I'm not sure I understand that sort of economy. Surely your customers will value your service much more strongly if you can show that you are willing to do what's right and safe with their data?
"Even if you're the sort of organisation which is willing to take risks with your own data such as sales forecasts, you have a clear moral duty not to take risks with data you keep about other people," he said.
Commenting on the leak, a BP spokesperson said the laptop was password protected but the information was not encrypted.
"If one multinational company can lose data by misplacing one laptop and not having it encrypted, you wonder what else might go missing," Ducklin said.
"The irony is that having all that bad publicity over the Gulf Oil spill, the data they've spilled is all about people who wanted compensation."