Categories
Blog Hacking News Managed Security

Laptop Encryption – Serious lack of security

I believe that more personal information has been stolen than there are actual people in the US. How much was stolen from the government would prove a nice study. And has anyone in the government actually been fired?

So the employee lost the laptop. Do you blame the employee or the agency for not educating the employee and provide wholedisk encryption? The agency believes that an unencrypted harddrive, but that has a “password” is secure? Well maybe someone should explain computer hacking, windows security, encryption and the concept of intrusion prevention to DHS.

Well you will probably see that laptop on Ebay or in a pawn shop. Some halfway intelligent person who buys it might be able to get to the data. Then what?

Five Steps to Laptop Security 101:

1) Encrypt using wholedisk encryption or at a minimum encrypt your data folders. Try PGP encryption (www.auroraent.com)

2) Patch Management, use automated patch management

3) Firewall, use a managed firewall in a corporate environment or a personal firewall, lots of free ones out there and cheap ones.

4) Hard Disk password, you can protect your drive from even booting with a hard disk password. yes this can be broken and have the manufacturer resetm, but its a pain and the casual person will not know what to do

5) Dont let the government have a laptop.

 

regards

gary

http://zcurity.com

*Managed Security Services

*Vulnerability Management

*Compliance & Policy Development

*PGP Security

*FREE Website Security Test

* Managed Firewall

* Managed Antivirus

* Managed IDS

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Unencrypted laptop with 1 million SSNs stolen from state

SC Magazine Dan Kaplan April 24, 2009

The Oklahoma Department of Human Services (DHS) is notifying more than one million state residents that their personal data was stored on an unencrypted laptop that was stolen from an agency employee.

The computer file contained the names, Social Security numbers, birth dates and home addresses of Oklahoma’s Human Services’ clients receiving benefits from programs such as Medicaid, child care assistance, nutrition aid and disability benefits, the agency announced Thursday.

The computer, which was stolen when a thief broke into the car April 3 after the employee stopped on her way home from work, was password protected, and officials do not believe the burglar realized what he or she was stealing. Therefore, the risk of the data being accessed is minimal, according to the agency.

“We feel this was not a situation where someone was targeting the agency or that information,” DHS spokeswoman Mary Leaver told SCMagazineUS.com on Friday. “We feel it was random.”

Leaver said the state Office of Inspector General is conducting an investigation, out of which likely will come a mandatory review of information security policies. However, it is not believed the employee violated existing policy when the incident occurred, she said.

News of the theft comes one day after the Ponemon Institute, in conjunction with Intel, released a study that found the average value of a lost laptop is $49,246. About 80 percent of the cost is related to the chance that a breach could occur, the study showed.

Leave a Reply