Morgan Stanley has been fined $6.5 million by the states of Florida, Connecticut, Indiana, New Jersey, New York and Vermont, as reported by SecurityWeek. The bank exposed the personal information of millions of customers when decommissioning old computer servers. Those servers were not wiped before being disposed of and ultimately auctioned off, with sensitive customer data still stored on them. What’s worse, the information was unencrypted. It’s shocking that, in this day and age of hyper-sensitivity to data security, such a loss could even happen. But it did.
Now what’s really interesting about this case is not the fine, but the fact that Morgan Stanley was ordered to improve the security of personal information. Specifically, “The company was ordered to encrypt data both at rest and in transit, implement a data collection, use, retention, and disposal policy, implement tools to track hardware containing personal information, and maintain an information security program, an incident response plan, and a vendor risk assessment team.”
In truth, they are being ordered to do nothing more than what should have already been done. How did such a data loss happen? Because they were unaware of their security posture: unaware of the location of sensitive data and the state of its protection. This happens in every company. Data is copied and combined to the point where tracking it with traditional methods is challenging. That’s where Data Security Posture Management (DSPM) software can help. It scans, classifies, and monitors sensitive data across the organization. A successful DSPM implementation requires the expertise of a data security consultant. That’s why many organizations are making data security posture management a priority for 2024. Take the first step: assess your current data security posture.
One Response
Very well written..