in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Drive Encryption Software: Janitor Steals 30 Laptops From Genentech

I often note that the use of laptop encryption software like AlertBoot is necessary for computers that are never taken out of company premises.  For example, you never know when the help might decide to steal computers.

I wish I could say that such an observation is prescient, but it really isn't.  There is a long history of theft from the workplace, by employees and outside contractors alike, and Genentech is another in a long line of victims.

Janitor Swipes Computers for Nearly One Year

According to sfexaminer.com, a Mr. Dionisio Dauz has been caught filching the medical company's computers for nearly one year, from April 1 (2011, I assume) to February 5 of this year.  He was arrested on February 7.

Approximately 30 laptop computers were stolen, the loss being estimated at $30,000.  That is a big number but the amount is paltry compared to potential damages, such as the loss of corporate secrets (not that this appears to have been the case in this instance).

After all, this wouldn't be the first time in history that a competitor under disguise infiltrates the competition to carry out industrial espionage.  Or, pays off a legitimate worker (no disguises necessary).

What, you think I've gone off my rocker?  Here are the top 10 most notorious acts of corporate espionage according to businesspundit.comBusinessWeek has their own list over here, although some of them go as far back as 300 years (which has something of a twist: the two oldest cases of "industrial espionage" involves the west stealing secrets from China: tea and porcelain).

Disk Encryption for Corporate Computers: Data Security Should Be Priority

Encryption software should be the front and leading data security measure today.  I'm not saying that it's the "be all, end all" of data security solutions.  Rather, I'm merely pointing out that it's time that cryptographic solutions stop playing second banana to the usual security measures: locked doors, cable locks, lockable file cabinets, security guards, etc.

There was a point in time when the loss of equipment hit you hard, twice: (1) you lost your data and (2) you lost your equipment.  Today, the situation is the same, but the $1000 used on equipment is not what it used to be (I believe it's called inflation).  At the same time, the dollar signs assigned to data (and the need to keep it confidential) have grown exponentially far outpacing inflation and other metrics.

And yet, as far as data security is concerned, many still act as if the corporate environment has remained in stasis.

Laws, for example, are written so that companies with no security whatsoever are hammered; those with adequate physical security are given a slap on the wrist; and those with encryption are minimally bothered (i.e., they're given safe harbor but occasionally must file some paperwork).  HIPAA and HITECH, for example, follow this model.

(Quick piece of trivia: did you know that neither HITECH nor HIPAA require the use of encryption in medical settings?  Furthermore, the loss of patient data is not an automatic HIPAA Security Rule breach, assuming certain conditions are met, such as the presence of adequate, alternate security.  HIPAA has never asked for absolute security, nor will it ever do so.  Absolute security is an absolute impossibility).

Companies buy up biometric equipment, network security products, even encryption for laptops....but not for desktops because "they're not portable and will remain within corporate quarters."

Until there's a break-in.
Or a janitor has ulterior motives.
Or an employee decides to ignore acceptable computer usage policies.

Insanity: doing the same thing over and over again and expecting different results. -- Albert Einstein


Related Articles and Sites:
http://www.sfexaminer.com/blogs/law-and-disorder/2012/02/genentech-janitor-busted-allegedly-swiping-41-laptops

 
<Previous Next>

Full Disk Encryption: Fricosu Laptop Decrypted By Government

Laptop Encryption Software: UMMC Still Not Using Encryption?

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.