With some of the most stringent reporting requirements regarding data breaches, the tiny state of New Hampshire (population 1.3 million) in the northeastern United States is turning into the place to go to learn about data breaches. The latest news on how a “laptop left on plane put pension fund participants at risk” is an interesting tale about how security does not stop at your firewall – indeed, security is a piece of almost every business puzzle.
Party A does not encrypt and loses data owned by Party B
This story is a bit hard to follow, but essentially on June 14 an employee of the Verso Paper Corp. left a company laptop behind on an airplane. On the laptop were two documents that contained the names and Social Security Numbers of some former and current participants in the PACE Industry Union-Management Pension Fund (PIUMPF). According to a letter (pdf) sent to the New Hampshire Attorney General’s Office, it seems that PIUMPF had provided Verso with the data as part of a discussion relating to the possible merger of Verso’s pension plan into PIUMPF.
Say you are the IT manager at PIUMPF. Perhaps you have secured and encrypted all your data and believe you are sitting safe and pretty. But your company’s data is shared with Verso, and they don’t have nearly as good security – their laptops are not encrypted, and as this case highlights, a third party can bring you down from a security perspective.
You can’t just encrypt, you have to educate
Alertsec has written and talked about this many times. What your partners do matters: from Software-as-a-Service vendors who host your data, to the company that carries your backup tapes to a vault, to business partners that gain access to some or all of your data. When it comes to security, the actions of your partners matter.
Any other vendor that will come in contact with your confidential data has to be asked to follow the same stringent security protocols that you use. However, the decision to share data may occur outside the confines of the IT world. This is a key reason why it is not enough just to secure and encrypt your organization’s PCs – you have to ensure that your senior leaders understand the security issues of data sharing.
Encryption is the only secure way to protect your information
It might seem pushy to ask questions about a business partner’s security procedures, but the case with Verso Paper highlights why you have to be proactive and specifically tell business partners what you mean by security. If the unthinkable actually happens and your business partner loses a computer with your data on it, a tool like Alertsec Xpress ensures that the information is protected at all times and cannot be compromised, which gives you complete peace of mind.


