in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Disk Encryption Software: Preferred Skin Solutions Data Breach

Reviewing a list of old stories I've missed over the past month, I see that a small skin care clinic, Preferred Skin Solutions, based out of Tulsa, Oklahoma has reported a data breach.  A computer was stolen, prompting the clinic to reach out to clients.  It's a situation that a simple remedy would have prevented: using drive encryption software like AlertBoot.

However, the story is notable for how the clinic did things right.  Which one could say puts larger outfits with better resources to shame.

We Always Shred Financial Information

Thieves broke into the clinic on the night of January 24, 2012 and stole a laptop computer and a CD player.  The personal information for more than 400 clients were lost as a result.  Thankfully, no financial information was stored on the stolen laptop.

The clinic's manager had this to say regarding financial information: "We've always made a point that we don't store anything like that on our laptop, and what we do is take their information one time and then we shred their information,"

This is a smart move.  The best way to protect data against data breaches is to not store them.  Plus, such a procedure makes compliance with PCI-DSS immaterial, as far as data storage is concerned.  It's win-win for everyone, even for clients who face the annoyance of having to provide their information each time they visit the clinic, as subsequent events have revealed.

However, this is a realistic option for businesses where volume is "low."  A company like, say, Walmart could never get away with this without adversely impacting their bottom line.

What About Personal Data?

There is the problem, however, of securing client data.  It wasn't revealed what kind of information was stored on the stolen laptop, but I would assume that at least first and last names were stored, as well as email addresses (clients were alerted of the breach via email).

On the whole, such personal data is not deemed "sensitive" by most, and rarely is such data protected with encryption software.  However, seeing how identity theft is rampant across the world, and phishing attempts are made to gain such data on a global basis, it's always a good policy to keep this information secure. (Actually, for companies with hundreds of thousands of registrants, encrypting email addresses might be more than a good idea.)

Had Preferred Skin Solutions used disk encryption software on their stolen laptop, I would have given them an "A+" as far as data security is concerned.


Related Articles and Sites:
http://www.phiprivacy.net/?p=8861
http://www.fox23.com/news/local/story/Medical-records-stolen-from-skincare-company/GK1CwuUCB0qVJ1rpPn2CDA.cspx

 
<Previous Next>

Disk Encryption: UK East Lothian USB Stick Lost, Over 1000 Students Affected

Fifth Amendment Rights: Forcing Defendants To Decrypt Drives IS Against The Fifth

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.