in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Email Protection: McAfee Has Small (But Ironic) Data Breach Via Email Attachment

Networkworld.com is reporting that McAfee has had a small data breach of sorts.  It's ironic on so many levels because McAfee is a data security company; they market a solution for e-mail security; and the people involved in the breach were attendees of a security conference.

The lost information is, well, quite personal on some levels, but not exactly the type of data I'd feel requires the use of data encryption like AlertBoot.

Personal Details

According to the story, an attachment that contained the information of all 1,408 people was included in a thank-you e-mail sent to conference attendees.  The information included "names, numbers (telephone numbers?), e-mail addresses, employment details, and...dietary requirements."

Not exactly scandalous.  I mean, so 1,407 people might now know that another guy is lactose intolerant, or needs a kosher meal, or requires that only blue M&Ms be served because he's a rock-star-turned-security-guru.

Meh.  Worse things have happened; although, I must admit McAfee does have a slightly embarrassing situation.  It'll blow over, though. (Unless it mushrooms into something bigger such as, say, McAfee filing a lawsuit against the guy who "leaked" this information.  Now that would be scandalous.)

Layered Security Has Its Limits, Too

That being said, the above is also indicative of why one needs to approach data security in a layered manner.  Many people deploy some kind--any kind--of data security solution and then expect to be "secure."  This is like expecting a contract with ADT will prevent one from experiencing break-ins, so locking doors and shutting windows is neglected.  That's no way to approach security--data or otherwise.

But, in the above case, even if McAfee had all the correct security software in place, it probably wouldn't have caught the data breach.  Why?

Because the above information is not that critical.  Nobody (OK, almost nobody) creates a data security policy based on the fact that e-mail addresses and phone numbers exist on a spreadsheet.  This stuff gets exchanged all the time--heck, most of the time, and that's the intention.

If you do create a data security policy flagging attachments with e-mail addresses and numbers, though--in order to prevent a similar McAfee e-mail snafu--you're going to generate false positives (stopping e-mails with attachments that are supposed to have those attachments) more than anything else.

About the only way to prevent McAfee's data-peccadillo from happening is to have people pay attention to what they're doing...you can't package and sell that, unfortunately, which is the ultimate reason why you can't have 100% data security.

Related Articles and Sites:
http://www.networkworld.com/news/2009/072909-security-vendor-mcafee-spills-1400.html

 
<Previous Next>

Hard Drive Encryption: University of Colorado Professor Laptop Stolen From Home

Data Encryption Software For Third Party: Fayetteville School District Staff Experience ID Fraud

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.