All the latest UK technology news, reviews and analysis

Stock market data put at risk by SEC staff's unsecured laptops

09 Nov 2012
Digital encryption key

Staff at the US Securities and Exchange Commission (SEC) have put sensitive information from a number of stock exchanges at risk after reportedly using unencrypted computers for work purposes, according to Reuters.

Reuters claimed that sources familiar with the matter had revealed that a number of unnamed employees in the SEC's Trading and Markets Division had been using unencrypted laptops.

Some of the laptops in question were reportedly used at the Black Hat security convention earlier in the year - where hackers frequently try to compromise delegate's machines.

If true, it could spell trouble as the department is responsible for making sure stock exchanges take adequate measures to protect the markets from potential cyber threats and systems problems.

The SEC declined to comment when contacted.

However speaking to V3, Trend Micro security director Rik Ferguson highlighted that such an occurrence would not be beyond the realm of possibility.

"Unencrypted laptops are still all too common in almost every sector, this story only confirms that the SEC is no different to other organisations. The line between corporate and personal PC, particularly as laptops have been more common than desktops as corporate stander, has been blurred almost into non-existence," Ferguson told V3.

"As a result people simply don't appreciate the sensitivity or value of what they are carrying on their hard drives and memory sticks. This is also symptomatic of corporate IT policy having been ineffective."

Freguson added the lapse appeared systematic of a wider failure by the SEC to educate its employees on cyber best practice.

"While the employees may be held responsible for taking the laptops to a conference, ensuring that they were properly encrypted at a device level is normally the responsibility of the employer, it if it company-issued hardware."

Reuters reported that there is currently no evidence to suggest a data breach had occurred thanks to the employees' lapse in judgement.

Prior to the news security vendors had issued numerous warnings that the cyber threat facing financial institutions is increasing.

Earlier in the year the Bank of America, JPMorgan Chase and Wells Fargo's websites suffered a number of unexplained outages, believed to have been caused by cyber attacks.

The slew of attacks led the Financial Services Information Sharing and Analysis Center (FS-ISAC) to upgrade its Cyber Threat Advisory status from Elevated to High earlier in September.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus

BYOD vs CYOD vs BYOC poll

Which approach is your firm taking to managing employees' mobile devices?

Popular Threads

Powered by Disqus

Samsung Galaxy S5 video review

We break down the key strengths and weaknesses of Samsung's latest Android flagship

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Data protection: the key challenges

Deduplication is a foundational technology for efficient backup and recovery


iPad makes its mark in the enterprise

The iPad can become a supercharged unified communications endpoint, allowing users to enhance their productivity

Cloud Infrastructure Automation Developers - OpenStack

Cloud Infrastructure Automation Developers with development...

Dynamics CRM Functional Consultant

MS Dynamics CRM Business Analyst - 3 month initial Contract...

1st line Support Engineer - West London - £12-16 p/h

1st line Support Engineer - Media Company - West London...

.NET/C# Skilled Developer-Specialist Edinburgh Software House

Having over 17 years of specialist industry experience...
To send to more than one email address, simply separate each address with a comma.