in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Education Encryption: Laptop Encryption Beats Locked Rooms, Shows University Of South Carolina Data Breach

The use of laptop encryption in higher education, especially by faculty and staff, seems like a no-brainer to me.  After all, such computers are full of personal information, not only of the devices' owners themselves but also of the student body (they still use SSNs as student IDs, don't they?).

While the Department of Education may not openly require the use of encryption software, it's always a good idea.  Even if you think that your computer is properly protected behind locked doors.  Why?  As the University of South Carolina shows us, doors can be busted.

Breach Affects 6,000 Students

According to databreaches.net and a breach notification letter posted at abccolumbia.com, the physics and astronomy departments at the University of South Carolina experienced a data breach when a laptop was stolen from a locked room.  The data breach affected 6,000 students who were enrolled in physics and astronomy classes at SC between January 2010 and today.

The breached data involved full names, SSNs, and other personally identifiable information.  While disk encryption for student data was not employed, password recovery was used (which is tantamount to applying leaches to a massive melanoma – in other words, less than useless) and the laptop was stored in a locked room.

Considering the type of information that was being stored in that room, however, it surprises me (well, maybe it doesn't.  I've heard of worse, actually) that these were the only things between a sensitive data and a burglar.  One wonders: if the Department of Education also had a policy of issuing monetary fines – like the Department of Health and Human Services, which can impose a penalty of up to $1 million – for preventable data breaches, would the University of South Carolina relied only on a door for their security needs?

You know what's really surprising, though?  That in the past three years, 6,000 students were enrolled in physics and astronomy courses.  (And, personally, this is music to my ears.)

School Disk Encryption

Many universities and small colleges have undergone the process of replacing student ID numbers with something other than SSNs.  This is a great first step towards data security.  After all, you can't have a data breach on what you don't collect.

However, personal information encompasses more than SSNs alone.  A student's grades, for example, are also subject to protection.  Naturally, these scores have to be linked to some form of identifier, be it a first and last name, a student ID number, or whatever.

In fact, that such information has to be linked to an identifier means that the potential for a data breach is always there.  Not using proper protection, then, is an invitation for future data breaches.
Related Articles and Sites:
http://media.abccolumbia.com/documents/physicsletter.pdf
http://www.databreaches.net/?p=27995
<Previous Next>

California Data Security: AG's Office Reports 2.5 Million Californians' Data Breached Since 2010

Data Breach Study: Human Error Still Accounts for 35% Of Breaches

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.