AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Email Encryption Software: Kinetic Concepts Inadvertently E-mails Attachment, Has Breach

Employees of Kinetic Concepts (KCI) have suffered a data breach when an email containing the wrong attachment was sent to...them. There are certain things that e-mail encryption can do to protect a company from data breaches. This particular case is not one of them. A better option might have been the use of encryption for the attachment.

4,000 Employees Affected

The attachment contained names, addresses, dates of birth, SSNs, and salaries of approximately 4,000 KCI employees in the US.  Employees were alerted to the mistake and instructed to delete the e-mail.  An audit was performed by outside consultants to ensure that the directive was followed by all.

As a result of the breach, credit monitoring and identity theft protection are being offered to all affected. It's a good, wise move; on the other hand, if one were to take an extremely negative view of the event, it would seem to insinuate that KCI's employees cannot trust each other, although I'm sure that's quite the erroneous conclusion.

Email Encryption vs. File Encryption

In some ways, it's hard to understand how this could've happened.  I mean, sending an errant e-mail is quite commonplace.  Sending it to all in your organization?  I imagine I would have noticed that my "To:" field was severely populated.  On the other hand, if it was addressed to a mailing list, which generally just covers one line, I guess I wouldn't have caught it.

How could one protect himself from a data breach under the circumstances?  In this case, e-mail encryption would probably not work because the e-mail is being sent internally.  Generally, DLP (data loss prevention) programs are configured not to encrypt e-mails that are being passed around within a "secure perimeter," i.e., from one employee to another within the company, especially if they're within the same building.

On the other hand, the use of file encryption software to protect the contents of the attachment would have worked splendidly.  Under the same breach circumstances above, the unintended "3,999" other employees would have required the correct password to access the contents of the encrypted file.  I'm assuming, of course, that the password would not have been included in the same e-mail....
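The internal-mail exemption described above can be shown as a pre-send check run with the exemption on and off. This is an added example, not code from AlertBoot, KCI or any DLP product. The `example.com` domain, the function names and the sample payroll CSV are constructed for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import getaddresses

# US SSN shape, excluding area/group/serial values that are never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

def ssn_attachments(msg):
    """Return (filename, ssn_count) for each attachment with SSN-shaped text."""
    hits = []
    for part in msg.iter_attachments():
        raw = part.get_payload(decode=True) or b""
        count = len(SSN_RE.findall(raw.decode("utf-8", errors="ignore")))
        if count:
            hits.append((part.get_filename(), count))
    return hits

def check_outgoing(msg, internal_domain, exempt_internal):
    """Return findings that should hold the message; empty list means send."""
    rcpts = [addr for _, addr in getaddresses(
        msg.get_all("To", []) + msg.get_all("Cc", []))]
    all_internal = all(a.lower().endswith("@" + internal_domain) for a in rcpts)
    if exempt_internal and all_internal:
        return []  # the "secure perimeter" exemption: nothing is inspected
    return [f"{name}: {n} SSN-like values in a plaintext attachment"
            for name, n in ssn_attachments(msg)]

def build_sample():
    """Constructed message: a payroll CSV sent to an internal mailing list."""
    msg = EmailMessage()
    msg["From"] = "hr@example.com"
    msg["To"] = "all-staff@example.com"  # one line in "To:", many recipients
    msg["Subject"] = "Benefits enrollment reminder"
    msg.set_content("Please see the attached form.")
    csv = ("name,ssn,salary\n"
           "A. Sample,123-45-6789,50000\n"   # constructed values
           "B. Sample,219-09-9999,62000\n")
    msg.add_attachment(csv, subtype="csv", filename="payroll.csv")
    return msg

if __name__ == "__main__":
    m = build_sample()
    print("internal exempt: ", check_outgoing(m, "example.com", True))
    print("internal scanned:", check_outgoing(m, "example.com", False))
```

With the exemption enabled the message to the mailing list goes out uninspected; with it disabled the check returns a finding, at which point the sender can encrypt the file and share the password separately.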

Related Articles and Sites:
http://www.phiprivacy.net/?p=3581
http://www.ama-assn.org/amednews/2010/08/30/bisf0903.htm

 

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.