in

This Blog

Syndication

Tags

AlertBoot Endpoint Security

Use File Encryption If You’re Sharing Files: Wagner Resource Group Data Breach

Wagner Resource Group, an investment firm in Virginia is in the news thanks to the wayward actions of an employee who installed LimeWire on his computer.  Most people tend to use encryption if they are security conscious and believe they possess sensitive information.  As far as I can tell from the story at Information Week, this wasn’t a concern for the employee.  Because he only had the name, date of birth, and Social Security number of Stephen Breyer on that computer.  That’s right, as in Supreme Court Justice Breyer.  Some 2000 other names were released into the ether as well.

 

LimeWire, eh?  Instances of information security breaches due to the installation and misconfiguration of peer‑to‑peer software is nothing new.  I’ve already covered the Pfizer case from last year, and there were a couple of others that don’t readily come to mind.  There was also the Walter Reed Medical Center issue just last month, pointed out in the Information Week article.

 

I find the use of P2P software on company computers inexcusable.  Although it’s not necessarily the case, P2P software is almost exclusively used for downloading illegal content—or as some of my friends would remark, “getting fun stuff for free.”  The ultimate point of that particular software is entertainment.  In spirit, it is no different than, say, giving your company car a flaming paintwork.  That kind of stuff is not going to fly at an investment firm.

 

Although, when you consider how many guys working at hedge funds think of themselves as mavericks, maybe it will.  History seems to be littered with financial types trying to escape their tedium.  Who can forget the passage in “Liar’s Poker” where bond traders slowly trade their tennis rackets for rifles and ammo?

 

Tedium or not, however, P2P software on the same computer where you’ve got sensitive files is a bad idea—like cleaning your rifle while loaded.  If you must have that P2P software, at least ensure that encryption software has been used to protect any sensitive data.

 

Chances that LimeWire has to be on a company computer, though, are pretty slim.  I wouldn’t even go there if I were you.

Published Jul 11 2008, 12:50 AM by sang_lee
Filed under: , , , , , , ,
 
<Previous Next>

Espionage Concerns Perfect For Disk Encryption: Shipbuilding Secrets Almost Leaked

Full Disk Encryption Counters Third Law Of Computing

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.