Stolen laptop with employee information- yet again

The Associated Press reported that a Williams Cos. Inc. laptop containing personal and compensation information was stopen from a workers vehicle. The laptop had over 4,400 current and former employees records. Information like names, birth dates, Social Security numbers and compensation data was on it. How many times have wee seen this story?

They said the laptop was password protected. Well then lets not worry eh? A password, run for Ze Hillz! They did not say whether other security measures like application security risk assessment and network security audit tools were used in place other than the PGP Whole Disk encryption , or of any kind of remote wiping utility was in place or even if a hard disk password was used. The people with stolen data can only hope this might be the case.

So not we have the hoke pokey dance of checking credit, getting free one year membership to credit monitoring, buring down the barn now that the horse was stolen, all that good stuff.

Here is a list fo some recent thefts

records date organizations
1,084 2009-08-06 Colorado Department of Corrections
131,000 2009-08-04 United States Army National Guard
1,000 2009-08-04 New Hampshire Department of Corrections
4,400 2009-07-31 Williams Companies, Inc.
766 2009-07-28 University of Colorado CO Springs
573,928 2009-07-25 Network Solutions
900 2009-07-24 Hampton Redevelopment and Housing Authority
1,000 2009-07-23 American International Group (AIG), American Life Insurance Co Japan
180,000 2009-07-22 HSBC Holdings plc, HSBC Life
1,917 2009-07-22 HSBC Holdings plc, HSBC Actuaries

The main problem with these events is that the user is uneducated when it comes to security and don’t bother to go for a  security penetration test or information security risk assessment.  No matter what kind of technology you put in place, the user can find a way around it to compromise your security. First educate them, then worry about technology to protect them from their own stupidity.

Gary Bahadur

http://www.kraasecurity.com

http://blog.kraasecurity.com

http://twitter.com/kraasecurity

o:888-KRAA-911,  c: 917-568-7917, f: 866-633-6601

Address: 20801 Biscayne Blvd, Suite 403, Aventura, FL 33180

*Managed Security Services

*Vulnerability Management

*Compliance & Policy Development

*PGP Security

*FREE Website Security Test

Reblog this post [with Zemanta]