The Manchester Evening News is reporting that the Oldham council in the UK has experienced another data breach. This follows an ordeal where the same council lost 17 laptops, stolen by a guy pushing a trashcan on wheels. The need for data encryption like AlertBoot endpoint encryption was quite apparent in that instance.
While an actual figure has not been reported yet, the Oldham council invested in a host of security updates when the 17 laptops were stolen, including computerized swipe card systems. So, this recent data breach--where sensitive documents went missing--came as something of a shock. According to MEN, "the authority reveals the latest swoop and urges staff to lock their laptops away. It is thought that despite the new systems, bosses do not know exactly when the theft took place." Well, that's not surprising, really. To begin with, computerized swipe cards, while arguably better than your average keys, are still susceptible to the same weaknesses: theft and loss of keys (cards); forcing the doors open; holding the door for strangers (the khaki bandit from three years ago took the cake in that area); etc. Swipe cards, in more ways than not, are really more about convenience, not necessarily better security. For example, if an employee needs access to a general area and two separate secure areas, he'd have to carry three keys or just one card programmed with access to all three areas. The thing to note is that, ultimately, the security is provided by doors; whether they're unlocked by key or card does not contribute towards better security. And, once you are made aware of this, you'll understand why laptops should have been locked away regardless of these new-fangled doors used by the Oldham council. Nothing has changed, really, except that things feel more secure.
While an actual figure has not been reported yet, the Oldham council invested in a host of security updates when the 17 laptops were stolen, including computerized swipe card systems.
So, this recent data breach--where sensitive documents went missing--came as something of a shock. According to MEN, "the authority reveals the latest swoop and urges staff to lock their laptops away. It is thought that despite the new systems, bosses do not know exactly when the theft took place."
Well, that's not surprising, really. To begin with, computerized swipe cards, while arguably better than your average keys, are still susceptible to the same weaknesses: theft and loss of keys (cards); forcing the doors open; holding the door for strangers (the khaki bandit from three years ago took the cake in that area); etc.
Swipe cards, in more ways than not, are really more about convenience, not necessarily better security. For example, if an employee needs access to a general area and two separate secure areas, he'd have to carry three keys or just one card programmed with access to all three areas. The thing to note is that, ultimately, the security is provided by doors; whether they're unlocked by key or card does not contribute towards better security.
And, once you are made aware of this, you'll understand why laptops should have been locked away regardless of these new-fangled doors used by the Oldham council. Nothing has changed, really, except that things feel more secure.
I'm not sure whether encryption software was part of the security update, although I've got to imagine that it was. It would have been the first thing I would have sprung for if I was really interested in protecting sensitive information. The council is effectively dealing with different types of security scenarios. One is physical security/asset security and the other is data security. Seeing how this entire security overhaul was prompted by the theft of laptops with sensitive data, the keywords being sensitive data, it only makes sense that they would have used encryption on any remaining and new laptops. Of course, that doesn't do much for sensitive paper documents. These, as always, should be locked up at the end of the day.
I'm not sure whether encryption software was part of the security update, although I've got to imagine that it was. It would have been the first thing I would have sprung for if I was really interested in protecting sensitive information.
The council is effectively dealing with different types of security scenarios. One is physical security/asset security and the other is data security. Seeing how this entire security overhaul was prompted by the theft of laptops with sensitive data, the keywords being sensitive data, it only makes sense that they would have used encryption on any remaining and new laptops.
Of course, that doesn't do much for sensitive paper documents. These, as always, should be locked up at the end of the day.
Related Articles and Sites:http://www.manchestereveningnews.co.uk/news/s/1194504_council_hit_again_by_lap_top_thefts