Computer theft doesn’t just happen to you or me, but to major companies – here are some IT nightmares. In September, a laptop containing 5,000 records from the LSU Health New Orleans School of Medicine was stolen from a doctor’s car – parked in front of his own house. In October, the University of Oklahoma College of Medicine, Department of Obstetrics & Gynecology, had to notify select patients that records pertaining to their health from 2009 and 2014 were on a laptop stolen from a car.
Ironically, another recent victim of car laptop theft was a company specializing in conducting security background checks.
If you’re handling IT at your company here are 6 things you should definitely share with your employees about security:
- DO NOT leave an unattended laptop in an unattended car. (This is a no brainer, but doesn’t hurt to emphasize)
- The Information, is the target – not the hardware. Information stolen can become the raw material for identity theft. Lawyers, doctors and accountants are frequent victims of this type of theft. Schools, retail outlets and banks are also on the list.
- There are substantial penalties. Theft of a work laptop can activate potential liabilities under Sarbanes-Oxley, the Healthcare Information Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health (HITECH) Act and other regulations. For instance in 2009, BlueCross BlueShield of Tennessee was fined $1.5 million(and spent $17 million in remedial actions) after 57 unencrypted hard drives containing records.
- Just because you’re “smart”, doesn’t mean it can’t happen to you. In 2012, a NASA employee had a laptop stolen from their car – potentially compromising the personal information of 10,000 employees. “Although the laptop was password protected, it did not have whole disk encryption software, meaning the information on the laptop could be accessible to unauthorized individuals,” Richard Keegan, NASA associate deputy administrator warned in an email to NASA employees.
- It’s not just your work laptop.External hard drives & USB flash drives carry sensitive information such as payroll, SSN’s, and more. In Northridge, California, thieves stole a Point-of-Sale system that contained financial information SSNs and other employee information.
- Practice ALL internal security policies. In 2014, according to the Wall Street Journal, a thief simply strolled into Coke’s Atlanta headquarters and strolled out with 74,000 digital employee records that included Social Security numbers, license numbers and other information. Despite internal policies requiring encryption, the laptop’s information was unencrypted.
So what more can YOU do? Aside from sending an avalanche of IT security reminder emails to every employee, encryption can be the key! Encryption can help solve the problem by making stored information unintelligible to intruders. Yes, just ike anything else, encryption systems can be hacked, but it takes more money, more time and brute force computing.
You could go the distance and allow self-encrypting drives to help by:
- Minimizing the performance impact by offloading encryption to specialized hardware
- Take humans out of the picture!
Coughlin Associates predicts that a large proportion of solid state drives are already self-encrypting capable and the technology will be close to universal by 2018. “Encryption should be enabled for everything by default, not a feature you turn on only if you’re doing something you consider worth protecting,” security expert Bruce Schneier wrote in his blog.
You don’t have to rely on humans to safely secure their work laptops, USBs, external hard drives, etc instead you can put your faith into self-encrypting drives. But for now, just remind everyone to please, PLEASE – take their laptops with them.
Infosec Article: “Six Things to Know About Laptop Theft”
Eyal is VP of Marketing for Data Center and Client Compute Groups for Western Digital.