in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Disk Encryption In University Settings: U Of MN Law Professor's Laptop Stolen

The use of laptop encryption in academic settings is important for myriad reasons.  You may be dealing with sensitive, personal data.  You may be working on a project that involves intellectual property or classified information.  If a college professor, your students may have an interest in accessing your computer somehow.

As noted, the reasons are myriad.  Sometimes, not using encryption software can have serious consequences.

U of Minnesota Laptop Stolen

According to databreaches.net, a law professor's laptop was stolen.  The laptop theft affected approximately 300 people:
A prominent juvenile justice scholar was collecting data from closed case records for a study on law enforcement interrogation techniques when the laptop, a scanner and external hard drive were taken last February. [twincities.com]
You read that right.  Last February.  As in February 2013.  Letters alerting the affected of the data breach went out earlier this month.  Why did it take so long?  The list of people to contact had to be recreated from the original data source.

(As an aside, this is why data security laws usually require that periodic data backups be made.  For example, HIPAA requires that breach notifications be sent within 60 calendar days of becoming aware of the data breach.  This is only possible if you have a backup you can analyze.  It's nearly impossible otherwise).

The information was quite sensitive:
The records stem from 2005 criminal cases involving murder, rape and aggravated robbery in the state's two most populous counties. Much of the data was previously considered public, but some would have been kept private if Feld hadn't obtained special access for his study. He said his research assistants were six weeks into scanning records from archived files when the theft occurred. They hadn't begun analyzing the data, which complicated efforts to determine the scope of the breach. [twincities.com]

Why Not Use Encryption?

This is what I don't understand.  Why was encryption not used?  The information was obviously sensitive.  Plus, as a legal scholar, the professor must have known about data breach laws and ethics involving the disclosure of such information.  And, yet, here we are.

My personal guess is that the professor and other researchers felt pretty secure in their environment.  I never did understand that attitude; my own college and grad school experience plainly showed me that academic buildings are not exactly Fort Knox.

It doesn't matter in what kind of environment you're working (unless that environment was specifically designed for security).  If you have any sensitive data on a laptop, chances are that you will need to encrypt it.
Related Articles and Sites:
http://www.databreaches.net/crime-victims-and-witnesses-sensitive-information-on-devices-stolen-from-researchers-university-office/
http://www.twincities.com/news/ci_24933873/minn-crime-study-ends-after-theft-victim-data
http://www.startribune.com/local/minneapolis/240664281.html
 
<Previous Next>

Data Security: 2013's Worst Password Is 123456

Laptop Disk Encryption: Why FDE Beats Device Tracking When Things Hit The Fan

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.