in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Employees And Computer Security: Trust Them To Do The Right Thing...And The Wrong Thing

One of the things that irks me about the computer data security business is the following claim: I don't need computer security like laptop encryption because I trust my employees.  To use such data protection tools would imply otherwise.

When facts are laid out, such as 33% of all data breaches (or whatever stat is being offered for that day, week, or month) being initiated by employees – whether they had ill-intentions or not – the response tends to be "Those companies must have hired the wrong people."

The Case of SynerMed (and a Big Bulk of the Companies that Experience Data Breaches)

This constant state of denial, from well-meaning people who I would love to work for (the powers that be love employees so much they're willing to make a boneheaded move to make workers feel better?  Sign me up!), is probably one of the leading reasons why we have so many data breaches, and results in a typical story like this one from the wsj.com:
Mr. McLachlan's company has had to learn some security lessons the hard way. SynerMed reported last week that thieves stole a laptop containing records of emergency room visits from a worker's car, where it was left overnight, potentially exposing the records of 3,100 patients. Mr. McLachlan said because employees are not supposed to store patient data on local hard drives, it did not have a policy to encrypt laptops.
The wsj.com article goes on to list other medical data breaches that have occurred in California this year.  SynerMed is not alone in being remiss when it comes to data breaches.  However, SynerMed happens to be a healthcare technology vendor.  The irony, which shouldn't be hard to find, is palpable. (The company has decided to encrypt it laptops after the ordeal).

The thing is, at the end of the day, SynerMed hasn't done anything wrong.  Yeah, they had a data breach, but only because of some sticky-fingered scoundrel who makes it his business to break into cars.  Under the circumstances, pointing fingers at SynerMed is to engage in victim-blaming.

It's Not About What You Think of Your Employees

But I'm sure there is a small (or large) corner of our mind where we're pretty sure that SynerMed is to blame for the data breach.  Because it could have been avoided so easily by protecting the computer's hard disk with laptop encryption software, and because computers being stolen out of parked cars is not some kind of new revelation.  It happens, on average, every day across the US.

SynerMed is a technology vendor.  They know better (at least, I assume they do). Why didn't they use encryption?  "Because employees are not supposed to" blah blah blah (that's not a typo.  I meant to type blah blah blah because this reason, which I admit could have been quoted out of context, is blather.  Plenty of employees do stuff that they're not supposed to do.  That's why people get fired, demoted, transferred, or given the chance to resign).

Using encryption software on laptops and MDM security software on mobile devices like smartphones and tablets is not about whether you trust your employees or not.

It's about whether you value your clients or not.  Who is put at risk in the event of a data breach?  Who bears the brunt if that data breach turns into something bigger?  Even with all the laws and regulations, it's not your employees.
Related Articles and Sites:
http://blogs.wsj.com/cio/2013/06/12/rash-of-data-breaches-strikes-california-healthcare-companies/

 

 
<Previous Next>

Smartphone Security: US Law Enforcement Calls For Phone Kill Switch

Full Disk Encryption: Researchers Find Browser's Cache Is Full Of Sensitive Data

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.