in

This Blog

Syndication

Tags

AlertBoot Endpoint Security

Laptop Hard Drive Encryption Has Similarities With Broken Barn Doors

The similarity lies in the fact that most people think of implementing fixes after disaster strikes.  I bring this up because the Hillsborough Community College has warned 2000 employees that they should monitor their bank accounts, a laptop having been stolen this past Sunday.  Did the stolen computer have laptop encryption?  Nope.  Were they not aware that encryption solutions exist?  Perhaps.  But if you take into account that the person who lost the laptop was a programmer, it makes you wonder.  Granted, you don’t have to know much about computers to be a programmer.  After all, one doesn’t have to be a car mechanic to be able to drive a car…

 

Regardless, the loss of the laptop is not a total disaster.  While the loss of the computer does present a security breach—employee names, bank‑routing numbers, and Social Security numbers were some of the sensitive data in the laptop—the programmer had deleted the data prior to the theft.  Now, I’d like to credit the programmer with practicing good data security, but it could just have been luck.  For example, I will sometimes empty the trash bin on my computer when I don’t want to deal with work: I pretty much work in a paperless office, so I’ve got to get that satisfying paper crumpling‑up sound vicariously.  If I happen to delete sensitive files…well, let’s just say data security was not what was on my mind at the time.

 

Knowing that the data has been deleted, why is Hillsborough alerting their employees to keep an eye out on their bank account statements?  Well, the fear is that the thief will be able to recover the data.  And, unfortunately, you don’t have to know anything about computers to recover data.  Data recovery software is cheap and easy to use.

 

The question is, how likely is it for someone to go that extra mile to install the software in order to get to the data?  The laptop was lost during a random burglary, stolen from the programmer’s car, along with a GPS unit and a cellphone.  Under the circumstances it sounds like the thief may go for a quick flip of the illegally‑gained goods.  The actual answer, however, depends on whether the thief is sophisticated enough.  If he’s looking to maximize his profits, he’d be served well to spend some time scanning the visible (and not so visible) contents on that computer.

 

Of course, if the laptop computer had hard drive encryption installed on it, the theft wouldn’t be an issue at all.  The use of encryption would have ensured the safety of the data, be it deleted or otherwise.

 

Apparently, Hillsborough agrees.  They’re looking into encrypting computers and disks, in a clear case of fixing the barn doors after the horses have fled.  Better late than never.

 

Related Articles:

http://www2.tbo.com/content/2008/jul/24/loss-hcc-employees-laptop-spurs-id-theft-warning/

Published Jul 25 2008, 11:05 PM by sang_lee
Filed under: , , , , , , , , , , , , , ,
 
<Previous Next>

Data Security An Issue At Sealaska Corp

File Encryption Could Have Helped Grady Memorial Hospital To Protect Voice Files

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.