in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Canada PII Encryption: Southwest Community Business Development Has Laptop Data Breach, Plumbs The Depths Of Idiotic Remarks

Oh, Canada.  The past twelve months have been a debacle for the northernmost country on the American continent, on many fronts, putting at risk the image it has cultivated over the years – a country of polite, maple-syrup-consuming, thoughtful, intelligent, and funny citizens.

Here's an additional incident that makes one wonder what exactly is going up there: a spokesperson for the Southwest Community Business Development Corp. has stated that there was nothing the company could have done regarding a data breach.  It was triggered by the theft of a laptop computer from an employee's car.  (Hint: they could have used something like AlertBoot laptop disk encryption software to protect the sensitive information).

"Needs to be Shared and Ridiculed"

The story is so flabbergasting that the director of the site databreaches.net said that the CBDC's statement "needs to be shared and ridiculed worldwide."  What, specifically, was said to spark off such a reaction?
"The laptop was not in plain view, it was put away, and someone decided that they were going to break into the vehicle and that is circumstances outside of our control. There’s absolutely nothing we can do in that particular circumstance," said Heather Hubert, the CBDC Southwest executive director.
Would she have said the same thing if the stolen object was something other than a laptop full of sensitive data?  Really?  Nothing could have been done?

Substitute the word "laptop" in the above quote with the following to see how ridiculous the executive director sounds.  Also keep in mind that the theft happened from a car that was parked overnight on some random street.
  • Original copy of the Canadian constitution.
  • Ten million dollars in rare gems.
  • A kidney to be used in an operation the next day.

On the one hand, I can understand what Ms. Hubert is saying.  Yeah, there was no one there to stop the theft, so there is literally nothing they could have done in that particular circumstance, at that particular point in time.  On the other hand, it's quite evident that something could have been done to ensure that the conditions for that particular circumstance do not arise at all.  For example, couldn't one have taken the laptop out of the car and stored it somewhere safer?

Honestly, if you have time to "hide" something in a car, and it weighs less than 20 pounds (approximately 10 kilos), you can probably take it with you, as opposed to leaving it in the car overnight.

They Know What to Do

The previous quote contrasts quite strongly with what the CBDC is doing.  According to cbc.ca:
CBDC Southwest and PETL [Post-Secondary Education, Training and Labour] are encrypting private data on laptops going forward.
Does this sound like the actions of an organization that has exhausted all its options when it comes to data security and finds itself with "absolutely nothing [it] can do"?

Perhaps CBDC deserves ridicule.  But, I believe that actions speak louder than words.  It's quite obvious that there is more that CBDC can do, and they're doing it.  And, at the end of the day, that's all we're really asking for.

Related Articles and Sites:
http://www.databreaches.net/ca-southwest-community-business-development-corp-claims-theres-nothing-they-can-do-if-someone-steals-a-laptop-with-unencrypted-information-from-an-employees-unattended-vehicle-srsly/
http://www.cbc.ca/news/canada/new-brunswick/private-information-of-dozens-of-new-brunswickers-at-risk-1.2613829

 
<Previous Next>

UK Data Encryption: FOI Request Finds ICO Fines Lower, Breach Incidents Higher

HIPAA External Drive Encryption: Larsen Dental Care Announces Breach

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.