Security researchers at Comparitech recently published their discovery of a database exposed by Telmate, a service that prison inmates use to communicate with family and friends. Comparitech security researcher Bob Diachenko o discovered the unsecured database and immediately reported it to Global Tel Link, the company that owns and operates Telmate,and action was taken.
On this occasion the risk was low, given that the database was exposed without any required credentials or authentication, and was secured two hours after it was discovered. It is unclear whether any outsiders were able to retrieve information. However, the issue of an unsecured database presents wider implications for those providing communications technology.
To look at the implications of this breach, Digital Journal spoke with Anurag Kahol, CTO and co-founder of Bitglass.
According to Kahol: “Unfortunately, organizations often lack the needed security measures that would prevent this kind of incident from occurring. While this information was secured within the first two hours of discovery, it is unknown how long the information was exposed or who had access to the database. This lack of control can be quite dangerous to both the victims and their points of contact.”
In terms of important lessions,Kahol states: “Consequently, it is imperative that the proper solutions are implemented to safeguard sensitive information. To start, organizations should prevent leakage by implementing a password, then equip themselves with tools such as data loss prevention (DLP), multi-factor authentication, and encryption of data at rest. By enforcing these extra safety measures, organizations can have the security needed to prevent a potential intrusion
