in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Encrypt USB Key: Data Encryption Not Used On Missing Florida Department of Revenue USB Stick

It's being reported that data encryption was not used on a stolen USB key that contained sensitive information.

Florida Department of Revenue Employee Loses USB Memory Stick

An employee working for the Florida Department of Revenue has reported the loss of a USB memory stick with the names, addresses, and Social Security numbers of 2,828 people employed by a number of "state businesses."

The USB key was stolen from--wait for it--an unlocked car.  More specifically, the USB key was stuck into a laptop computer that was stolen from said unlocked car.  The car was, apparently, parked outside the employee's home in Georgia.

Man, that's just asking for something to be stolen...

USB Key Encryption Not Used (Why This Is Bad)

The department has policies requiring encryption for laptops (I guess we can assume that whatever information that was on the laptop was protected); however, the same is not true for USB sticks.

There is, it should be noted, a pending policy that would require encryption of USB keys and other mobile devices as well.  This latest case should push forward that policy.

A stray light of sunshine is the fact that password-protection was used on the file with the sensitive data.  However, as the gainesville.com article points out, a sophisticated thief would be able to bypass that password, so the hope is that this particular thief is as dumb as a sack of bricks.

But, let's face it, in this day and age, a thief can get all the "sophistication" he needs from the internet.  A simple search on Google for bypassing password-protection on files should suffice.

If Only USB Key Encryption Had Been Used

This is why encryption software is so necessary when it comes to protecting sensitive data.  Unlike simple password-protection, a well developed encryption software suite will not allow simple bypasses, nor will it reveal the contents of a protected file without the correct username and password.

If you apply the encryption so that it protects the entire USB key, as opposed to individual files or folders, the thief would have difficulty (nay, it would be nearly impossible for him) to access any of the contents of USB stick.

Related Articles and Sites:
http://www.gainesville.com/article/20090624/ARTICLES/906249921/1002?Title=Stolen-flash-drive-held-personal-data-on-2-828-people

 
<Previous Next>

Drive Encryption Software Not Used On Stolen Tulsa CTP Server

Data Encryption Software: Alberta Hospital Loses Laptops

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.