The fact that the data on the laptop - one of four stolen from the Bord Gais offices and adjacent buildings earlier this month - was not encrypted is a very serious issue says Mark Fulbrook, Cyber-Ark's UK and Ireland Director.

"That's bad enough, but best practices in IT security mean that the sensitive customer data shouldn't have been stored on a laptop in the first place - it should have been digitally vaulted or at the very least encrypted locally and accessible only on a need-to-use basis," he said.

"And that need-to-use basis should only be available across the company's network, using authenticated and logged access procedures," he said.

Whilst there is a case for allowing access to customer records remotely, the information should never include customer payment details, and certainly not their bank account information unless through a secure channel with full authentication, encryption and security measures in place such as digital vaulting, he explained.

"But to store customer bank account data unencrypted on a laptop goes against all known IT security procedures. It's a very serious procedural error," he added.

For more on the Bord Gais laptop customer record fiasco: http://preview.tinyurl.com/lcxzup

For more on Cyber-Ark: http://www.cyber-ark.com/

ENDS

For further information please contact Yvonne Eskenzi on 0207 183 2832

Further Information

Eskenzi PR Limited
Neil Stinchcombe
Director
Tel: 02071832833
Email: neil@eskenzipr.com