in

This Blog

Syndication

Tags

AlertBoot Endpoint Security

Laptop Encryption Software Works: Random Guy Steals Laptop From Bank In Broad Daylight

The Royal Bank of Scotland (RBS) has revealed that a laptop computer owned by the bank, and containing the personal details of approximately 100 bank customers was stolen.  However, they declined to make the incident public because the information held on the laptop encryption software was protecting the contents of that computer.  And the world is not in an uproar about the failure to disclose or the fact that sensitive information was stored on a laptop computer or the fact that someone managed to steal personal information from a bank—a supposedly safe place.  I mean, it has to be.  They’ve got vaults and armed guards.  This incident serves to illustrate several beliefs I’ve been holding for a while now.

 You Need A Catchall Security Solution – 'Cause You’ve Got Highly Improbable Events

Granted, no such data security solution exists.  But when it comes to computers—either desktops or laptops—nothing comes closer to a perfect security solution than full hard disk drive encryption.  That’s because it’s data security that is essentially built into the hard drive itself.  As opposed to locks and safety cables for computers, which are designed to deter the theft of the computers (and not the data in those computers), encryption software like AlertBoot is designed to deter access to the data.

 

If encryption is good enough for spooks and other intelligence agencies for safeguarding data, it’s good enough for you and me.

 Nobody Really Cares That Information Was Stored On A Laptop – As Long As There Is Protection

Really.  I’ve encountered too many people who shout and shout and shout (and scream) about how data is not supposed to be stored on laptops.  Then you get a scenario like this one where the theft of the laptop becomes a moot point—at least for the people whose sensitive data was on that computer—because the thief has no way to access that data.  No screaming.  No finger pointing.  Just civilized people acting like civilized people.

 

The loss of digital equipment need not be a gut-churning event, but if and only if adequate data security measures are in place.  That’s why believing that the thieves are not after the data in a stolen laptop (who came up with that brilliant statement?) or assuming that your run-of-the-mill password-protection won’t be bypassed doesn’t work in appeasing people: these are not adequate data security measures, and more importantly, people know they’re not good enough.

 You Really Cannot Control All Scenarios – Enter Your Highly Improbable Events, Again

There’s something to be said about random events.  For example, let’s say that you find yourself in Harlem, winter of 1981.  The chances of your getting killed by a gunshot are too real.  Drive-by shootings, while random to a degree, are almost expected in that environment and, arguably, are not random.  So, you run to your apartment; you run for your life.  However, there’s a patch of ice on the sidewalk, you slip, break your neck, and die.  There’s just too many unexpected things out there.

 

I mention this because the man who stole the laptop at RBS actually walked in to the bank, somehow managed to yank the laptop computer from its binding to a desk, and walked out of the bank with the computer during the day (so much for safety cables).  The bank knows this, I assume, because they’ve got the footage.

 

Who plans for such an event?  Sure, people hire security guards to ensure something like that doesn’t happen.  And, the presence of employees is a strong deterrent so that some guy randomly coming off the street doesn’t steal your office equipment.  And that’s why someone just stealing stuff from your office in broad daylight is exceedingly rare—but then, that’s the exact definition of a highly improbable event, isn’t it?

 

Problem is, highly improbably events, once they happen, lead to highly probable events.  As in, the guy who stole the laptop (an improbable event, considering how he did it) was probably looking to get some sensitive information (and he probably would have gotten it, had it not been for the use of encryption).  That’s the only conclusion I can reach, since he busted the laptop in order to steal it.  Hot merchandise that’s not in pristine condition is still good for resale on the streets.  Merchandise that is busted?  That has almost no street value.  I mean, have you ever yanked a laptop from its moorings?  The end result is not pretty.  Well, usually it’s not.

 

Related Articles:

http://www.walesonline.co.uk/news/wales-news/2008/09/07/bank-details-on-stolen-laptop-91466-21694237/

Published Sep 10 2008, 01:27 AM by sang_lee
Filed under: , , , , , , , , ,
<Previous Next>

GS Caltex Information Security Breach Leaked By The Criminals. No Wonder There Was No File Encryption

USB Memory Stick Data Encryption Not A Go Go For Military Data

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.