in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Data Encryption Software Not Used On Lost North Pacific Group Computers

DataBreaches.net has a link to NH AG's website, where a letter from the North Pacific Group is on display.  Apparently, computer equipment, including several laptops, were stolen from their offices in Portland, Oregon over Thanksgiving weekend.  It's quite apparent that they were not using data encryption like AlertBoot endpoint security software since they claim that sensitive employee information was "in hidden locations on these computers and are password protected."

Huh?  Say, what?  I guess I shouldn't blame them for making such a statement.  North Pacific Group (NOR PAC), an employee-owned company since the founder retired, is North America's largest wholesale distributor of building materials, according to hoovers.com.  They're one of those companies that are not concerned with security in any sense, unlike, say, a pharmaceutical company, which needs to keep its research secret.

The sensitive information missing due to theft includes SSNs, names, addresses, and dates of birth for 2,249 current and former employees--96 of them being New Hampshire residents.  This is one of the most open letters to the AG that I've read in a while; most companies opt to mention only the number of NH residents who were affected, shrouding the actual breach figures.

Regardless, NOR PAC's candor can't be a reason for not criticizing them.  For starters, I hope the company understands that nothing is "hidden" in a computer--it's either encrypted or it's not.  For example, there is software out there that will search through every bit of a computer's hard drive, and see if Social Security numbers can be found.  And the software is pretty cheap, too (less than $100).

It was originally developed, at least I think it was, to prevent data breaches.  With so much data being copied, pasted, e-mailed, saved, and backed up, one often finds information on his computer that shouldn't be there.  This small detail means part of any company's data security procedures requires scanning for potentially sensitive data that shouldn't be there.  Opening files one by one is one (slow and frustrating) option; another is having software do it and create a report.

But tools that can be used to reduce data security breaches can also be used by those looking to easily uncover information.  So, files in "hidden locations" are not much of an obstacle.  And, I've described before how password-protection is the bane of data security.

What NOR PAC should have done is used disk encryption software to protect the sensitive information.  A common mistake when it comes to data security is that doors and locks provide adequate protection.  This is why many people keep their laptops in their cars--and sometimes to their chagrin, find that they've lost a laptop and have to foot a bill for a new car window.  Likewise, many believe that office doors are adequate protection.  Clearly, this is not the case.  Unfortunately, it seems like most are unwillingly to believe this until it happens to them.  And it's likewise when it comes to data security.

It's unfortunate.  The use of encryption programs--including file encryption software to protect the individual files containing the sensitive information, could have saved these employees from asking, "what now?"

Related Sites:
http://doj.nh.gov/consumer/pdf/northpacific.pdf
http://www.databreaches.net/?p=109

 
<Previous Next>

Is Disk Encryption Software Lacking On Missing South Wales Council USB Memory Stick?

Best Laptop Disk Encryption Software Program To Protect Sensitive Data?

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.