Encryption, encryption, encryption. The message oft repeated in this blog is, if you have a computer with sensitive data, make sure you use some kind of data security product like hard disk encryption from AlertBoot to protect its contents. However, encryption cannot be your only data security tool, as the following story shows. Remember, it's not about protecting your computer...it's about protecting your data.
Encryption, encryption, encryption. The message oft repeated in this blog is, if you have a computer with sensitive data, make sure you use some kind of data security product like hard disk encryption from AlertBoot to protect its contents.
However, encryption cannot be your only data security tool, as the following story shows. Remember, it's not about protecting your computer...it's about protecting your data.
Enloe Medical Center--a non-profit hospital in Chico, CA--is the latest victim of a data breach. And, the portents of the theft are ominous. What was stolen? Paperwork with patient information, possibly including names, addresses, SSNs, medical conditions, insurance info, Medicare info...anything that was jotted down while ambulance was transporting a patient. That's right. We're not even talking about computers or digital doodads anymore. We're talking about dead trees. Would encryption have provided some kind of protection? Technically, yes. Encryption, technically, has been around during Julius Caesar's time and before, so it would be possible to encrypt information on paper. However, no one wants to do that...it takes forever to do these things by hand. Point is, if you thought you were covered by encryption on your computers, well, think again. And Enloe is thinking again. They've now realized that they don't have adequate security surrounding their "documents to be shredded" bin area, and are looking into the matter. That area is accessed by employees normally, so I guess the medical center felt a little too secure. Of course, it could also be that it was an inside job. God knows there are plenty of such instances. One worrying thought? Someone took great pains to get to those documents. And I'm pretty sure there are easier methods of getting fuel for one's fireplace, so it goes without saying that those papers were taken with nefarious purposes in mind. I'm not as sanguine as PR director at Enloe, who reminds "affected patients that the theft of information doesn't necessarily mean they will be the victims of identity theft."
Enloe Medical Center--a non-profit hospital in Chico, CA--is the latest victim of a data breach. And, the portents of the theft are ominous. What was stolen? Paperwork with patient information, possibly including names, addresses, SSNs, medical conditions, insurance info, Medicare info...anything that was jotted down while ambulance was transporting a patient.
That's right. We're not even talking about computers or digital doodads anymore. We're talking about dead trees. Would encryption have provided some kind of protection?
Technically, yes. Encryption, technically, has been around during Julius Caesar's time and before, so it would be possible to encrypt information on paper. However, no one wants to do that...it takes forever to do these things by hand.
Point is, if you thought you were covered by encryption on your computers, well, think again.
And Enloe is thinking again. They've now realized that they don't have adequate security surrounding their "documents to be shredded" bin area, and are looking into the matter. That area is accessed by employees normally, so I guess the medical center felt a little too secure. Of course, it could also be that it was an inside job. God knows there are plenty of such instances.
One worrying thought? Someone took great pains to get to those documents. And I'm pretty sure there are easier methods of getting fuel for one's fireplace, so it goes without saying that those papers were taken with nefarious purposes in mind. I'm not as sanguine as PR director at Enloe, who reminds "affected patients that the theft of information doesn't necessarily mean they will be the victims of identity theft."
Okay, so if you work in one of those environments where data never gets off a computer, unlike Enloe, you may think encryption has you covered. Think again. What about personal USB sticks and similar products? I found a 4 GB SD memory card (the type that goes into digital cameras) being sold for $10. You can fit way too much data on that thing, and every computer I've owned since 2007 seems to have a SD port built-in (they're becoming as ubiquitous as USB ports). Are you sure your employees are not copying sensitive data on such devices? (You would, with port control software.) What about your internet router? Are you sure you've got a strong password to prevent port-sniffing hackers from taking over (it's supposed to be like 26 characters long)? Do you use a wireless router? Did you remember not to use WEP encryption, since it can be cracked in a matter of minutes? Remember, the name of the game is to protect data, and there's too many ways for that stuff to get stolen. Using encryption software on a laptop's hard disk ensures that data remains safe if the computer gets stolen. It cannot, and was not designed to, protect sensitive data against all possible forms of data theft. Other measures are necessary as well, including physical security.
Okay, so if you work in one of those environments where data never gets off a computer, unlike Enloe, you may think encryption has you covered. Think again.
What about personal USB sticks and similar products? I found a 4 GB SD memory card (the type that goes into digital cameras) being sold for $10. You can fit way too much data on that thing, and every computer I've owned since 2007 seems to have a SD port built-in (they're becoming as ubiquitous as USB ports). Are you sure your employees are not copying sensitive data on such devices? (You would, with port control software.)
What about your internet router? Are you sure you've got a strong password to prevent port-sniffing hackers from taking over (it's supposed to be like 26 characters long)? Do you use a wireless router? Did you remember not to use WEP encryption, since it can be cracked in a matter of minutes?
Remember, the name of the game is to protect data, and there's too many ways for that stuff to get stolen. Using encryption software on a laptop's hard disk ensures that data remains safe if the computer gets stolen. It cannot, and was not designed to, protect sensitive data against all possible forms of data theft. Other measures are necessary as well, including physical security.
Related Articles and Sites:http://www.databreaches.net/?p=7957http://www.orovillemr.com/news/ci_13598541&ct=ga&cd=cXuf8x5oP8w