in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Disk Encryption (Indirectly) Causes Data Breach: Cambridgeshire County Council Breached DPA

This is the first time I've encountered a story where a data breach is caused because of the use of data encryption.  According to an Undertaking signed by Cambridgeshire County Council in the UK, an employee lost an unencrypted USB memory device after an encrypted one was causing him problems.

Employee Fail

In November 2010, Cambridgeshire County Council (CCC) informed the Information Commissioner's Office that an employee lost an unencrypted memory stick.  The memory stick contained the personal information of at least six individuals, which included meeting notes and minutes.  The device was used because a staff member "encountered problems using an encrypted memory stick that the council had previously provided free of charge."

The encrypted memory stick was provided as part of a campaign designed to deploy encryption in the workplace.  Employees were educated about the importance of data security and encouraged to turn in any unencrypted USB sticks.

For the latter, I'm assuming they meant company-provided USB sticks, because there's no way anyone is going to turn in their personal ones.  And maybe that's where the weakness lies.

Memory Sticks are Cheap and Convenient

I bought a brand new memory stick yesterday.  To call it a stick is being generous.  It's so squat that it'd be more accurate to call it a memory stump.  And yet, it holds 4 GB of data, which is four times as much as my old memory stick (which actually looked like a stick).  This new one cost me $7, or about how much I spend on coffee in less than 48 hours, and was being sold by the checkout line of the grocery store.  Yep, these things are so popular and cheap that they're located where you regularly find gum, candy, and batteries.

At such prices and sizes, it's no wonder that pretty much anyone who regularly uses a computer also owns one of these memory sticks.  They're plug-and-play, reliable, and convenient.  They're also impossible to control in an office environment.  In fact, for some companies it's such a problem that they resort to superglue to fix the problem.  Using superglue brings its own set of problems, though.

What's an organization to do?  For example, in the above story, CCC pretty much did everything it could do: it deployed encryption, passed out encrypted USB sticks, and educated employees.

Become a Little More Proactive with Security

If the carrot doesn't work, perhaps one should look at using the stick.  The idea is to become a little more proactive when it comes to data security.  For example, AlertBoot endpoint security has a special option for storage devices connected to the USB ports found in -- dare I make this claim? -- on all computers manufactured since 2005.

In a nutshell, AlertBoot will automatically encrypt any storage device that is connected to a computer that's already protected with AlertBoot full disk encryption.  It stands to reason that, since you've encrypted the whole of the computer, you'd also like to encrypt any information that's copied off of it.

A simple solution like this would prevent any employees that didn't quite get the memo.


Related Articles and Sites:
http://www.databreaches.net/?p=16882
http://www.ico.gov.uk/what_we_cover/promoting_data_privacy/~/media/documents/library/Data_Protection/Notices/cambridgeshire_county_council_undertaking_final.ashx

 
<Previous Next>

Data Protection: Emory Healthcare Alerts Patients Of Hacker Activity, Fraud

HIPAA Encryption: Fines Not Related To Data Security Are Also Something To Think About

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.