A subcontractor working on computer hardware upgrades at the NY Social Security Agency was charged with stealing 15,000 Social Security numbers. It reminds me of the one true maxim about data security threats, that you'll never know exactly where or how the next one will appear. In fact, this is why full disk encryption like AlertBoot is necessary if you're dealing with sensitive data: the theft of laptops often occurs when you're least expecting it (although, I know of some people who would dispute that and note laptops usually get stolen in the usual places). But, it's also true that encryption software cannot be the only solution. Take the contractor story, for instance. I'd argue that USB port control software, which enhances basic security found in AlertBoot, would have make a difference. But would it have?
A subcontractor working on computer hardware upgrades at the NY Social Security Agency was charged with stealing 15,000 Social Security numbers. It reminds me of the one true maxim about data security threats, that you'll never know exactly where or how the next one will appear. In fact, this is why full disk encryption like AlertBoot is necessary if you're dealing with sensitive data: the theft of laptops often occurs when you're least expecting it (although, I know of some people who would dispute that and note laptops usually get stolen in the usual places).
But, it's also true that encryption software cannot be the only solution. Take the contractor story, for instance. I'd argue that USB port control software, which enhances basic security found in AlertBoot, would have make a difference. But would it have?
15,000 SSNs were stolen from private contractors working for the Social Security Administration by a man that was performing computer hardware upgrades. The information was subsequently used illegally, but only for "a limited number of cases." It's obvious that this man must have used a portable memory device of some sort, most probably a USB flashdrive. Hence, it would stand to reason that the use of USB port control software would have prevented him from downloading and stealing the data. On the other hand, if he was able to download the data, it means that he had access to a computer (at least, he could use a mouse and see stuff on a computer screen). Would port control really have been useful? He could have written SSNs down on a memo pad, or maybe even e-mailed a file to an outside account. When it comes to data security, thieves generally find that there is a window open for each door closed. There is a silver lining, though. While the presence of USB port control wouldn't have prevented the breach if carrying out the former -- with the memo pad -- there would be a limit to the number of SSNs stolen; if the latter, the loss of data would have been preventable, or at least detectable, via data loss prevention software. And, of course, the use of computer encryption software would have prevented the man from stealing data by preventing access to the computer with the data in the first place. But, plenty of hardware upgrades require access to the system itself, so there might have been a legitimate reason for the man asking for access to an encrypted computer. So, what's the answer to preventing a data breach in cases like these? Stick a monitor (as in a person, and not hardware) and stay vigilant. What can I say? Exception circumstances require exceptional solutions.
15,000 SSNs were stolen from private contractors working for the Social Security Administration by a man that was performing computer hardware upgrades. The information was subsequently used illegally, but only for "a limited number of cases."
It's obvious that this man must have used a portable memory device of some sort, most probably a USB flashdrive. Hence, it would stand to reason that the use of USB port control software would have prevented him from downloading and stealing the data.
On the other hand, if he was able to download the data, it means that he had access to a computer (at least, he could use a mouse and see stuff on a computer screen). Would port control really have been useful? He could have written SSNs down on a memo pad, or maybe even e-mailed a file to an outside account. When it comes to data security, thieves generally find that there is a window open for each door closed.
There is a silver lining, though. While the presence of USB port control wouldn't have prevented the breach if carrying out the former -- with the memo pad -- there would be a limit to the number of SSNs stolen; if the latter, the loss of data would have been preventable, or at least detectable, via data loss prevention software.
And, of course, the use of computer encryption software would have prevented the man from stealing data by preventing access to the computer with the data in the first place. But, plenty of hardware upgrades require access to the system itself, so there might have been a legitimate reason for the man asking for access to an encrypted computer.
So, what's the answer to preventing a data breach in cases like these? Stick a monitor (as in a person, and not hardware) and stay vigilant. What can I say? Exception circumstances require exceptional solutions.
Related Articles and Sites:http://www.databreaches.net/?p=15868http://wnyt.com/article/stories/S1884437.shtml?cat=300