The Boston Globe has noted that 1 in 6 MA residents have been subjected to a data breach of their personal information over the past two years. While computer full disk encryption like AlertBoot would have helped prevent many of these breaches, most have involved instances where encryption software would have been of questionable utility: hacking computer centers.
The statistics are pretty staggering. One million residents in Massachusetts have been affected by the loss of personal, sensitive information such as credit card numbers or medical records. Since 2007, a total of 807 institutions alerted the state of information security breaches. According to The Boston Globe, while the breaches occurred in a variety of ways--including lost data tapes, stolen laptop computers, etc.--most of the information was breached by hacking incidents where on-line servers were targeted. This is only logical. Data servers tend to hold more data than your typical laptop, so the breach of a server leads to a breach many times that of a stolen laptop. Yes, I'm disregarding those instances where a laptop computer is also the data server, something of a popular solution for smaller businesses with cramped spaces. It was also reported that 60% of the incidents were criminal in nature, with the rest being attributed to negligence. This statement is less than helpful under the circumstances, since it doesn't give examples of what's negligent and what's not. For example, is a laptop computer that was stolen during a car break-in negligence? I'd say so, but it took a criminal act to turn it into a data breach.
The statistics are pretty staggering. One million residents in Massachusetts have been affected by the loss of personal, sensitive information such as credit card numbers or medical records.
Since 2007, a total of 807 institutions alerted the state of information security breaches. According to The Boston Globe, while the breaches occurred in a variety of ways--including lost data tapes, stolen laptop computers, etc.--most of the information was breached by hacking incidents where on-line servers were targeted.
This is only logical. Data servers tend to hold more data than your typical laptop, so the breach of a server leads to a breach many times that of a stolen laptop. Yes, I'm disregarding those instances where a laptop computer is also the data server, something of a popular solution for smaller businesses with cramped spaces.
It was also reported that 60% of the incidents were criminal in nature, with the rest being attributed to negligence. This statement is less than helpful under the circumstances, since it doesn't give examples of what's negligent and what's not. For example, is a laptop computer that was stolen during a car break-in negligence? I'd say so, but it took a criminal act to turn it into a data breach.
Protecting valuable data stored on stolen devices--be they laptops, desktops, external hard drives, etc.--is quite easy. It's just a matter of employing whole disk encryption, a technology where the entire contents of a computer's hard disk is made secure. Its operation is quite easy as well: generally, it's a matter of typing in the correct password when you turn on the device. If you supply the wrong password, the computer won't start up. If you apply a limit on incorrect password-guessing attempts, so that the machine will never provide access after, say, the tenth try, it pretty much cuts down the risk of a data breach to zero. However, such technology is useless when it comes to on-line hacking attempts. This is because the computer (data server) is up and running: the "security check-point" has already been passed successfully. Access to data on on-line servers can be limited by using file encryption (besides the obvious use of firewalls and other on-line security tools). For example, if a server holds credit card information, such data could (should) be stored in encrypted format, and decrypted when necessary. The problem? The use of file encryption is not always a tenable solution, depending on an organization's workflow.
Protecting valuable data stored on stolen devices--be they laptops, desktops, external hard drives, etc.--is quite easy. It's just a matter of employing whole disk encryption, a technology where the entire contents of a computer's hard disk is made secure.
Its operation is quite easy as well: generally, it's a matter of typing in the correct password when you turn on the device. If you supply the wrong password, the computer won't start up. If you apply a limit on incorrect password-guessing attempts, so that the machine will never provide access after, say, the tenth try, it pretty much cuts down the risk of a data breach to zero.
However, such technology is useless when it comes to on-line hacking attempts. This is because the computer (data server) is up and running: the "security check-point" has already been passed successfully.
Access to data on on-line servers can be limited by using file encryption (besides the obvious use of firewalls and other on-line security tools). For example, if a server holds credit card information, such data could (should) be stored in encrypted format, and decrypted when necessary.
The problem? The use of file encryption is not always a tenable solution, depending on an organization's workflow.
Related Articles and Sites:http://www.boston.com/business/technology/articles/2010/01/03/data_breaches_affect_million_state_residents/