This Blog

Home
Contact

Syndication

AlertBoot Endpoint Security

Email Attachment Encryption: Kentucky Retiree Data Makes The News. Why?

There is a story at the courier-journal.com that, on the surface, doesn't make any sense. The names, dates of birth, and Social Security numbers of 28,000 Kentucky state retirees were sent via e-mail to the correct person.

Why is this news? Because the attachment in the e-mail was not encrypted using a document encryption program like AlertBoot endpoint security.

Walgreens Admits Mistake

The story surfaced when Walgreens Health Initiative--the pharmacy benefit management arm of Walgreen, the drugstore giant--sent a letter to the affected parties saying that there is a remote possibility their records were accessible while being transmitted.

The letter was sent to a "single and proper" contact at Kentucky Retirement Systems who confirmed receipt of the e-mail. I take it this means the person who should have received the e-mail did receive it. So far so good.

So...Where's the Mistake?

The mistake is not apparent on the surface. Just like regular snail-mail can be tampered with, leaving no trace of manipulation--steaming an envelope to open it; reading the contents; and sealing it again--e-mail can be tampered with as well.

Except, electronic mail is kind of designed to be tampered with. I gave an explanation previously, when I covered how easy it is to use e-mail attachment encryption, and why it's needed when sending sensitive documents via e-mail.

Briefly put, e-mail is similar to a postcard in real life, not a sealed letter. Now, ask yourself, would you mail your SSN and other personal information on a postcard? Would you feel outrage if a company sent a list of SSNs?

Most people don't when it comes to e-mail, though. This is probably because most people don't understand how e-mail is delivered, a topic that is as exciting as learning how butter is made (which, actually, is pretty interesting. Big Discovery Channel fan).

If you've got attachments with sensitive information, you want to encrypt them before e-mailing them. If not...chances are, nothing will happen. But then, chances are your laptop will not get stolen. (I, for one, know more people who've never had their laptops stolen than people who have experienced laptop theft.)

But laptops get stolen every day, right? You shouldn't confuse little risk with "no risk."

Published Mar 18 2009, 06:05 PM by sang_lee

Filed under: data encryption, data security, data theft prevention, cryptography software, encrypted data, information security, secure digital assets, endpoint security, prevent data leakage, encryption software, persistent encryption, document encryption

<Previous	Next>
Data Encryption Software: University Of Toledo Has Computer Theft, Files Encrypted	Laptop Encryption Software: U. Of West Georgia Laptop Lost In Italy

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.

This Blog

Syndication

Recent Posts

Tags

Archives