Data Encryption Not Used On Florida Department of Revenue Employee loses USB stick Contents not encrypted, password-protection used (why this is bad) If the USB key was encrypted, it would have been better It's being reported that data encryption was not used on a stolen USB key that contained sensitive information.
It's being reported that data encryption was not used on a stolen USB key that contained sensitive information.
An employee working for the Florida Department of Revenue has reported the loss of a USB memory stick with the names, addresses, and Social Security numbers of 2,828 people employed by a number of "state businesses." The USB key was stolen from--wait for it--an unlocked car. More specifically, the USB key was stuck into a laptop computer that was stolen from said unlocked car. The car was, apparently, parked outside the employee's home in Georgia. Man, that's just asking for something to be stolen...
An employee working for the Florida Department of Revenue has reported the loss of a USB memory stick with the names, addresses, and Social Security numbers of 2,828 people employed by a number of "state businesses."
The USB key was stolen from--wait for it--an unlocked car. More specifically, the USB key was stuck into a laptop computer that was stolen from said unlocked car. The car was, apparently, parked outside the employee's home in Georgia.
Man, that's just asking for something to be stolen...
The department has policies requiring encryption for laptops (I guess we can assume that whatever information that was on the laptop was protected); however, the same is not true for USB sticks. There is, it should be noted, a pending policy that would require encryption of USB keys and other mobile devices as well. This latest case should push forward that policy. A stray light of sunshine is the fact that password-protection was used on the file with the sensitive data. However, as the gainesville.com article points out, a sophisticated thief would be able to bypass that password, so the hope is that this particular thief is as dumb as a sack of bricks. But, let's face it, in this day and age, a thief can get all the "sophistication" he needs from the internet. A simple search on Google for bypassing password-protection on files should suffice.
The department has policies requiring encryption for laptops (I guess we can assume that whatever information that was on the laptop was protected); however, the same is not true for USB sticks.
There is, it should be noted, a pending policy that would require encryption of USB keys and other mobile devices as well. This latest case should push forward that policy.
A stray light of sunshine is the fact that password-protection was used on the file with the sensitive data. However, as the gainesville.com article points out, a sophisticated thief would be able to bypass that password, so the hope is that this particular thief is as dumb as a sack of bricks.
But, let's face it, in this day and age, a thief can get all the "sophistication" he needs from the internet. A simple search on Google for bypassing password-protection on files should suffice.
This is why encryption software is so necessary when it comes to protecting sensitive data. Unlike simple password-protection, a well developed encryption software suite will not allow simple bypasses, nor will it reveal the contents of a protected file without the correct username and password. If you apply the encryption so that it protects the entire USB key, as opposed to individual files or folders, the thief would have difficulty (nay, it would be nearly impossible for him) to access any of the contents of USB stick.
This is why encryption software is so necessary when it comes to protecting sensitive data. Unlike simple password-protection, a well developed encryption software suite will not allow simple bypasses, nor will it reveal the contents of a protected file without the correct username and password.
If you apply the encryption so that it protects the entire USB key, as opposed to individual files or folders, the thief would have difficulty (nay, it would be nearly impossible for him) to access any of the contents of USB stick.
Related Articles and Sites:http://www.gainesville.com/article/20090624/ARTICLES/906249921/1002?Title=Stolen-flash-drive-held-personal-data-on-2-828-people