Log in

Archive for April, 2009

Do you want your Company’s Name on the Next Laptop Theft Headline?

April 8th, 2009

Sensitive documents detailing your company’s business plans including your product strategy, acquisition prospects, product roadmap, and customer records including personally identifiable information can often be found on employee laptops. Now imagine some of those laptops stolen. The thought of this happening strikes fear in the hearts and minds of executives ranging from small to large organizations that are striving to safeguard customer data and stay a step ahead of the competition. But the threat is real and
organizations are responsible for their data. This is not a joke.

Last month, almost 1300 people had to cope with the fact that their private information had been compromised. Why? A faculty member’s laptop had been stolen while traveling overseas.

In Chicago, thousands of patient names, addresses, and social security numbers were on a laptop that was stolen from an employee who works at a company responsible for billing ambulance charges.

97,000 Starbucks employees were notified that in October, 2008 their information may have been compromised. The result is a class action lawsuit against the company.

Finally, in 2006, a laptop containing the information of 26.5 million veterans was stolen from an employee of the Veteran Affairs Department of the United States. The department agreed to pay $20 million to veterans as a result of a class action lawsuit brought against them.

These are just a few examples of laptop theft that are occurring around the world. Customers and patients are clearly expressing that they will not tolerate the loss of their sensitive information. Some of the latest incidents are highlighting pending litigation due to laptop theft. The problem has become so great, that governments around the world are introducing privacy laws to enforce better information handling.

The risk to a company’s reputation, brand, and pocketbook must be compared to the cost of investing in a hard disk encryption solutions. Hard disk encryption solutions such as AlertSec can provide the needed piece of mind that sensitive customer and business data is safe, even if a laptop is stolen. Executives must act now before their company name ends up on one of these headlines.

3 comments »

Posted in Encryption, Identity and Information loss, Lawsuits and settlements

Tags: Encryption laptop security laptop theft

Laptops Loaded with Private Data

April 7th, 2009

locked Today, you have laptop computers coming and going and it seems like every day a new and even smaller laptop model comes out. The challenge is that most people don’t realize what they really have on their laptop.

While people like the convenience of the small laptops, from an IT perspective the smaller the laptop the easier it is to be lost or stolen. And I can’t tell you how many times I’ve heard “But all my data is on the network, there’s nothing important on my PC.”

One of the key reasons why we encrypt all our laptops is that no matter how careful you think you are – your laptop has data. Consider all these things that can be on your computer:

Passwords saved in your browser – You know you shouldn’t do this. You know it’s not secure. But admit it – most of us have saved at least one or two passwords in our browser. It won’t take a thief more than a minute to track these down. I used Firefox and it just took me only 4 clicks to see the entire list I have saved on my home PC!

Not using unique passwords – Let’s all keep going with the confessions. How many of your accounts use the same password? You have to – the human brain can only hold so much. So if a thief gets one of your passwords, they are likely to be able to hack into multiple accounts.

History saved in the browser – You might think, “well a thief won’t know what sites I visit” but you are dead wrong because of the saving of bookmarks, sites visited and the browser cache.

Access to the corporate network - The above issues might just effect an employee’s personal information, but how many of your employees have saved the password to their VPN or other access client on the PC.

These examples are just the tip of the iceberg as there are so many instances where convenience outweighs security on laptops.

For an employee, losing a laptop could be worse than losing their wallet or purse. As noted with the VPN issue, the company will suffer from potential access to their network. But the company will also see productivity issues as the employee will be spending many hours closing accounts and on hold with busy call centers – typically during the busy workday. Your loss from just one laptop theft could be more than a year of data encryption protection with AlertSec Xpress for your fleet of laptops!

As the IT manager some days I long for the mainframe days. All you had was one big computer in a computer room with a nice big lock on the door. Anything outside the computer room was nothing more than dumb terminals linked to the mainframe. No Internet, no dial-up – just a really secure computer system. But since we are not going back to those days – I use protection wherever and whenever I can.

1 comment »

Posted in Data Protection, Encryption

Tags: AlertSec Xpress Data Protection Encryption laptop laptop security laptop theft

Can you trust your lawyer’s PC?

April 1st, 2009

law If you grew up watching any type of crime drama or law and order show on television, than you know that anything that is said between a client is confidential. This is often called the attorney/client privilege. A lawyer risks loss of business and even disbarment if they violate this code in any way.

However, in the 21st century much of what is said between a client and a lawyer is in electronic format stored in emails and documents. “Everyone in the law firm who has access to client records, e-mails, memos or letters must hold the information contained in those documents and all communications confidential,” noted Bob Russell, partner with Procopio, Cory, Hargreaves & Savitch LLP in a 2007 article in Insights Legal Affairs.

The big law firms with huge IT staffs are most certainly stepping up to the plate and putting in place security measures to protect all their confidential data. However, according to data from the Law School Admission Council, 72.9% of the lawyers in the US are in private practice, with the majority of those lawyers in small one or two person law offices. I suspect that the ratios hold in most other industrialized countries – regardless of whether they are referred to as lawyers, barristers or solicitors.

While there are hundreds of security steps that a business can take with regards to protecting their data assets, at the very least every law office should set out to ensure that:

All computers require passwords and those passwords are required to be changed on a regular basis – This can be setup on any PC regardless of what version of Windows is being used.
Backups (which should be done for other reasons than confidentiality) should be secured.
Anti-virus and anti-spyware software should be on each computer with a automatic updating setup to ensure regular updating of this software. An anti-virus program with a 2 year old list of viruses won’t ensure security.
Any computer that is on the Internet should have a personal firewall. Again, in a process that is making it easier for small businesses all of the popular anti-virus products mentioned above now come bundled with a firewall.
Encryption of the hard drives on all computers. I have hesitated to put this into earlier security recommendations due to the technical skill required to set this up. However, with Alertsec you can now roll out hosted (Software-as-a-Service) solutions that can even be setup and installed by a non-techie. This is a huge step up in making encryption possible for smaller organizations.

Technology may not be the first love for a lawyer. However, to ensure confidentiality lawyers must put electronic safety and security on their to-do list. With the hosted solutions offered by Alertsec there are now simple solutions that will ensure that the lawyer’s computer respects the attorney/client privilege in the same way that the lawyer does.