The Last Post

Why did the government not make use of one of the many specialist security VARs in the UK instead of relying on the post, writes Sara Yirrell

I had a similar experience to HMRC recently. I foolishly relied on the national postal service to get a vitally important document (a concert ticket actually) to a friend (using recorded delivery) in time for a show last week.

It never reached its destination and I was told that paying extra for recorded delivery did not in fact guarantee my post would arrive. Brilliant.

Luckily after a few frantic phone calls I was able to collect another ticket from the box office on the night of the concert.

However the fact that my document was lost in the post did not adversely affect the lives of 15 million UK residents and did not contain sensitive information about their personal lives, and also bank details of some seven million citizens.
Unlike our friends at HMRC.

How terrifying is it that at a time of heightened security, a government department is still copying sensitive details of millions of its citizens onto a couple of CDs and then sending it in the post in the first place? Has the government not heard of encrypted email?

This could all have been avoided if HMRC had made use of one of the many specialist security VARs in the UK, any one of which could have implemented a safe.
IT system on which to send sensitive information to outside departments. Instead HMRC has created a free for all for every cyber criminal this side of the Channel.
It seems that we do not need protecting from forces outside the UK boundaries – we need protection from the incompetence of the very organisations that are trying to protect us.

Talking of incompetence – my friend is still waiting for her ticket to arrive.

Sara Yirrell is editor of CRN.