Security's Everyman

Security's Everyman

Thursday, August 10, 2006

Are they ever going to learn?

Once again there is another laptop stolen with Personably Identifable Information and once again it is a government agency that has lost the data. What is it going to take for people, especially our Federal Government, to get serious about security? I know that information is out there and easily available to those who really want to find it, but why must we help them out? This is getting way out of hand.

I don't know who had the laptop, if they had permission to have the data on it, or why they didn't have it with them or safely locked up. The government has to get serious about this. I hate for anyone to lose their job, but until we really crack down hard this will continue to happen. There is NO reason for information to be on an unsecured device especially if the device is designed to be portable.

What needs to happen to prevent this from continuing? There needs to be an immediate lockdown on all portable devices until they can be adequately secured.
1. Password protect the bios and the harddrive.
2. Encrypt the drive or at least the data.
3. Require strong authentication, preferably 2 factor.
4. Audit the data that is on these devices to ensure that the person has a need to know and the
proper authorization to have the data.

Is this a lot of work? Of course it is, but this is happening way too often and something has to be done about it. It needs to be done quickly and it needs to be done right. As for those whose carelessness causes the problem, maybe they need to be in positions where there carelessness will only cause a few patties to be burned and not a few families.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.