It seems so obvious to us that anybody with a laptop should have file encryption, but obviously we are more than casual believers. However, we have to wonder about companies that are allowing Human Resources and Finance staff to put massive amounts of data on laptops. Certainly for folks in these positions, file encryption should be an obvious requirement – or as these tales will reveal – maybe not!
HR laptops sitting in a car
Williams, a 101-year-old natural gas producer and distributor, has 4,400 employees company wide. In late July a Williams laptop containing personal and compensation information for more than 4,400 current and former employees was stolen from a car in Tulsa, Oklahoma in the United States. The passenger-side window of a Williams employee was broken and the laptop, which was in a black bag, was stolen.
Company spokeswoman Julie Gentz said that the computer contained names, birth dates, Social Security numbers and compensation data for every Williams employee since Jan. 1, 2007. Obviously there is more than enough information in the laptop files to allow any semi-knowledgeable criminal to carry out fraud without the actual person being aware of it.
While the laptop was password-protected, it did not make use of hard disk encryption software like AlertSec. A letter issued Friday to all employees by Stephanie Cipolla, vice president of Williams Human Resources, indicated that unauthorized access is possible, despite their existing security measures. It seems like after the fact, everybody is willing to admit that security holes and issues exist – but that is way too little and way too late!
Just because you are 101 years old – does not mean you know how to safely run a business!
National Security AND Laptop Security
The US Army National Guard does a fabulous job protecting Americans and their allies around the globe. But, they can’t keep their own members safe! The Army National Guard is reporting a July 27th data breach via an unnamed contractor whose laptop was stolen. About 131,000 former and current Army Guard members could be affected by the data loss, which occurred July 27 when a personal laptop owned by an Army Guard contractor was stolen, said Randy Noller, a spokesman for the National Guard Bureau.
The Army Guard will inform those Guard members who are determined to be impacted by this incident by mailing a letter to them, Noller says. The National Guard Bureau has set up a web page and the Army Guard will have a toll-free call center featuring up-to-date news and information on the data compromise. So in the end they will probably wind up doing more work than if they had simply had the hard drive on the laptop encrypted!
Why would a contractor, or anybody, need data on 131,000 guard members on their laptop!
I have run into the similar issue at two companies – the HR department which should be the most concerned with security is not in the lead. HR should be partnering with IT – but instead it takes as much work to educate them as other departments.
Hey! Nice job here! I’ll be dropping by from time to time
hello it is my first post on this website and in the begining I would like to thank you for the useful information, which I found in this and all previous topics , it really helped me very much. I will definitely add this website on my rss reader
Also, I would like to ask – don’t you mind if I will quate some information from your website since I am writing articles for the Helium, Ezine and other articles directories (this is my part time job)? It would really help me with some of mine articles. Of course, I will mention your website title or URL (not all articles directories allows URL’s , so I can’t 100% promise that you will get a direct link to your website).