in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Laptop Encryption Software: St. Albans Admits Laptop Loss, Signs Undertaking

St. Albans City and District Council has signed an Undertaking regarding the theft of four laptop computers.  While hard drive encryption software like AlertBoot was not present to protect the contents of those laptops, there were plenty of ways existing security policies could have prevented a data breach

An Unfortunate Series of Events

St. Albans had collected "a large number of postal voters records" which was supposed to be deleted once an election was over.  During the election, the information was stored on a laptop computer with password-protection in place.  This met IT security policies in place at the time (my guess is that, today, data encryption in one form or other would be required).

Once the election was over, the laptop was stored in a locked safe (good) but the data was not deleted (bad).  On June 15, 2009, the laptop was taken by contractors and not locked down (bad).  Furthermore, it was left in an open space for several weeks (bad) until someone requested that the laptop be secured (good) on September 22.

The device was moved to another place (good) but not secured (bad).  On October 13, three other laptops were found missing (bad).  On November 5, the laptop with the voter records was also found missing as well (bad).

It's not known whether the laptop was stolen at around the same time as the other three laptops and was found missing later on, or just stolen at a later date.

Policies in Place?

I'm sure policies for sensitive data and computer usage were in place at St. Albans.  I mean, they had that "password protection" in place and they also had someone request that the laptop be secured at one point.

But, as the list of "bads" show, not everyone follows these policies.  The voter data was not deleted, as required.  The policy of locking the computers was followed haphazardly.

This reminds me of an article at businessweek.com that left a bad taste in my mouth (link below).  The author of the opinion piece made an argument that data security products are not necessary because "we all work with adults"--or at least, he does--and if these adults follow the correct practices, one couldn't have a breach.  He was a CPA, though.

All correct, in theory.  But, for those who have to live in the non-theoretical world, the truth is that "adults" don't always follow what they're supposed to do: maybe because they don't feel like it; maybe because they don't know better; maybe because they don't have time; etc.  Cases like the St. Albans situation above offer proof.


Related Articles and Sites:
http://www.ico.gov.uk/upload/documents/library/data_protection/notices/st_albans_undertaking_170210.pdf
http://www.businessweek.com/technology/content/mar2010/tc2010038_678497.htm

 
<Previous Next>

Disk Encryption: U Of South Carolina Beaufort Alerts Alumni Of Stolen Laptop

Data Encryption Software: Used In ECMC Data Breach Affecting 3.3 Million People? Would It Matter?

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.