Other stuff
Another laptop stolen
This time with payroll data of ten thousand NHS staff on. The machine had a password on it but no other security information was disclosed, I suspect the data wasn't encrypted, therefore the thief only needs to put the hard drive into another machine to access the data.
The amount of stolen laptops with personal information on is getting ridiculous, and this is where BitLocker and a TPM can help.
BitLocker ensures that data stored on a computer running Windows Vista remains encrypted even if the computer is tampered with when the operating system is not running. This helps protect against "offline attacks," attacks made by disabling or circumventing the installed operating system, or made by physically removing the hard drive to attack the data separately.
With the NHS spending billions of pounds on an IT overhaul, it is obvious that steps like these need to be taken to secure personal information, especially when on mobile machines which are easily lost or stolen.
Many NHS Trusts have already looked at deploying BitLocker technology, I think it the wake of this it is the obvious solution and that it should be rapidly deployed.
This of course goes for all private companies that think it is a good idea to store tens of millions of customers' credit card information unprotected on laptops, from a quick Google search it looks like the highest number stolen on a single laptop has been 45.6 million.
The technologies exist to help resolve this problem and they should be deployed, I fear the private sector will, unlike the NHS, drag their feet for years perhaps even a decade to come and millions more items of personal information will gradually leak out wrecking more people's lives.
5th May 2007 13:35:48, 287 words, 777 views
1 comment
* the North American criminal investigation agency the FBI
* the UK Ministry of Defence
* London's Metropolitan Police
* the Irish Army
* one of the UK's largest financial institutions, the Nationwide Building Society
* one of the worldwide big four accounting and strategy groups, Ernst & Young
There are lessons for all of us in this article. The author rightly talks about the smart technologies for encryption like BitLocker, and asks why they weren't used. Good question. But any amount of technology won't get round the shocking carelessness of those involved. Information security isn't just about whacking smart encryption software into devices like laptops - in a more general sense its about people being sensible and discreet. Who needs to know? Who is listening to our conversation? Who could see my documents, paper or electronic? Shall I shred this document? Is my phone secure? What do I say in a social/casual situation?
Right now is an exciting time for technology, particularly mobile technology covering laptops, mobile phones and PDAs. Also the web and the way all these devices work with the web. It's all great, but we shouldn't forget commeon sense.
I get my laptops and peripherals from Portable Universe and I can thoroughly recommend them. The best thing for people to do is to talk to them, let them know what your needs are (both current and future) and they will come up with the best laptop for you. I also get blank DVDs there for my backup.
http://www.portableuniverse.co.uk