in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Laptop Encryption Software: UK Glasgow Council Reaches Out After Laptop Stolen

Nearly 38,000 customers are being contacted by Glasgow City Council after the loss of two laptop computers late last month led to a data breach.  Of the two computers, one contained the sensitive information.  The device was not secured with drive encryption software like AlertBoot, which would have ensured information confidentiality and integrity.

Bank Account Details Exposed

The theft of the laptops took place around May 28, when council offices in Cochrane Street were broken into, but the extent of the damages -- in the form of the data breach -- was not realized until June 6.

Only one of the laptops contained personal data.  More specifically, one laptop had bank account details for 10,382 companies and 6,069 individuals, including "suppliers and people receiving fuel payments and care grants," according to the BBC.  Names and addresses for all 37,835 people were also stored on the laptop.

Password Protection? They're Like Handcuffs

When I say that password-protection -- which is the only data security the laptop at the center of all this brouhaha had at the time of the theft -- is like handcuffs, I don't mean it as a compliment.

Picking handcuffs is relatively easy: here's a YouTube video.  Of course, the trick is learning how to pick the restraints prior to being handcuffed and to have the right tool, in this case a bobby pin.  But, otherwise, there isn't much to it.  It's simple and straightforward.  It might be one reason why police prefer quick-ties over handcuffs when binding a suspect's hands.

And so it is with bypassing password-protection.  It depends on the system, of course, but if we're talking about a Windows machine, the easiest way to bypass passwords on boot-up is to take out the hard disk drive from the machine and connect it to another computer under your control, a computer that does not have a password or one to which you know the password to.

In the above hardware juggling, the password-protected drive essentially becomes an external drive and accessing it will not trigger its password.  For the data thief, the problem over overcoming the password protection is easily solved.  Describing the process is actually much harder than going through the motions.

It's why I constantly tell people that password-protection is a misnomer and anything but.  Just because you name it "protection" doesn't mean that it won't fail to live up to its name.

If one really wants to protect their data on a laptop or external hard disk drive, the only solution lies in encryption software.  It's about the only thing that will absolve a UK organization, public or private, from the wrath and Monetary Penalty Notice of the ICO, the Information Commissioner.


Related Articles and Sites:
http://www.clydebankpost.co.uk/news/roundup/articles/2012/06/11/430386-personal-data-stolen-from-council-offices/
http://www.glasgowsouthandeastwoodextra.co.uk/news/local-headlines/customer-data-stolen-from-glasgow-city-council-1-2350558
http://www.fifetoday.co.uk/news/scottish-headlines/laptop-with-bank-details-stolen-1-2349620
http://www.bbc.co.uk/news/uk-scotland-glasgow-west-18399576

 
<Previous Next>

Data Security: FTC Fines Spokeo Over Internet Data Collection

Drive Encryption Software: Auditors Slam USCIS For Lack Of Laptop Encryption

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.