in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Disk Encryption Software: Oxford Aunts USB Disk Found In Street

Oxford Aunts, a private nursing firm in the UK, had a data breach when a USB memory stick with information on clients and employees was found lying on the ground.  The device was not protected with drive encryption software like AlertBoot.

Found by the Bus Stops

A passerby found the USB stick lying on the ground by the bus stop and turned it in to the Oxford Mail, a UK newspaper.  The stick was unencrypted, and this lack of cryptographic protection is what allowed (motivated?) the passerby to turn it in to the media.

Had the memory stick been protected with USB encryption the passerby wouldn't have been able to access the contents of the device, meaning that the media couldn't or wouldn't have been alerted.  (After all, who want to publish or read about an inaccessible USB stick?  No one.)

In addition to Oxford Aunt not gaining bad press, there would have been the added benefit -- the most important aspect, actually -- that its clients would have been protected from any potential dangers, assuming there was a direct one to speak of (heraldseries.co.uk reports that names, addresses, and phone numbers were present, but does not mention other types of data such as financial information).

In all, hundreds of people seem to be affected: 140 or so pensioners under the care of Oxford Aunt and "hundreds of company employees" whose payroll details were included (oops -- I guess the incident is worse than what I initially thought).

Preventing USB Data Leaks and Breaches

As the UK turns more to data protection solutions like full disk encryption software, it's finding that perhaps this is not the silver bullet everyone was hoping it would be (I, for one, never promised it would be one).

Encryption works well for its intended scope -- preventing unauthorized people from accessing restricted content -- but comes with the failings of a computer's "open" architecture: data, by default, is easily copied off of the machine.

In other words, an encrypted computer is safe from unauthorized snoopers; but, if you're an authorized user, you can always breach the data by copying it to an unsecured data device.  Obviously, this is not a technological shortcoming as it is a human one: despite policies warning against it, people copy information off of protected devices onto unprotected ones, as in the above case.

There are two ways this loophole of sorts can be combated: one, keep educating employees about the importance of following company computer policies.  This is the better (theoretically), cheaper method.

The other method is a technological one.  It involves setting up computers with data loss prevention solutions, either by blocking access to the USB port, so that unauthorized devices cannot communicate with an encrypted computer, or by forcing encryption upon the devices that are plugged into the USB port.

The latter approach is the one taken by AlertBoot.  Once an external USB memory device is plugged into a computer protected with AlertBoot, the USB device will be protected with full disk encryption as well.  This means no one but the person with the correct password will be able to access the device's contents in the event that it is lost.

An added benefit with AlertBoot's approach is that one is able to share access to the device between computers within a particular "computer group," allowing the USB stick to be secure and useful (I mean, what's the point of a USB memory stick that only works with one computer, right?)

Of course, the combination of encryption and USB port security is not a silver bullet, either.  However, it does decrease the chances of a data breach significantly.


Related Articles and Sites:
http://www.databreaches.net/?p=15926
http://www.heraldseries.co.uk/news/8745946.Confidential_data_dropped_in_street/

 
<Previous Next>

Data Encryption Software: Concur Technologies Has Break-In, Data Breach

Data Encryption Software: Medical Backup Data Tape Lost By California Health Department

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.