2 min

The US Securities and Exchange Commission (SEC) has issued a security alert, alerting companies to the danger of storing customer information on network storage solutions. For example, on NAS devices, database servers and cloud storage accounts.

The warning was sent out by the Office of Compliance Inspections and Examinations (OCIE) following a recent survey of companies, writes ZDNet. The OCIE specifically alerts companies that misconfigure networked storage systems, resulting in unintended data leaks.

“Although the majority of these network storage solutions include encryption, password protection and other security features designed to prevent unauthorized access, researchers have found that companies do not always use the available security features,” said the organization. Problems were observed particularly among stock exchange traders and investment companies.

Three problems

OCIE employees have three main problems with the storage solutions used by stockbrokers and investment firms. First of all, companies appear to have misconfigured the security settings on the storage systems, which can lead to unauthorized access to customer data.

In addition, companies do not have enough supervision of third party services provided by the seller. “This often leads to situations where companies use the NAS, databases or cloud storage with default settings, which for some devices may mean that they are open by default.

The third problem was that companies do not classify their data according to their sensitivity. As a result, organisations did not set up different storage systems with different access rules, leading to situations where sensitive data is stored on open systems together with non-sensitive data.

Not new

The problems are not new, but are common scenarios that we have seen in the past. For the time being, however, there have not been any major data leaks in financial and investment companies, as the SEC would like to keep them that way. That is why it is now calling on companies to tackle potential problems.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.