Ziff Davis Enterprise
Friday, December 28, 2007 9:42 AM/EST

New Year's Resolutions

Everyone always struggles to drum up New Year's resolutions that are meaningful, tangible and, well, important.

I have an idea this year for IT managers and businesses hoping to make a resolution that will have long-lasting and important ramifications.

Now is the time to invest in encrypting your company's notebook PCs.

I know it's a headache, and I know it is easier said than done.

But the University of California has to dole out $2.8 million to the feds because of a major security breach that occurred at the Los Alamos National Laboratory in 2006.

That's on top of the $3 million civil penalty the National Nuclear Security Administration slapped on the university in September 2007.

I am sure university officials could list for us countless other ways they'd like to be spending that money.

To jog your memory, this is in regard to the security incident involving a former lab subcontractor whose trailer was raided by Los Alamos police.

The contractor in question was actually not the target of that raid, but was found in possession of 1,000 pages of classified documents and a few computer storage devices.

Now, the university isn't being penalized per se for the level of encryption of the devices in question. Still, it should serve as a major red flag for why it is so important to be prepared, especially in large enterprises where contractors, subcontractors and consultants filter in and out of your company on a regular basis.

It's not only time to invest in your notebook encryption options; it's time to really get behind employee training.

Yes, though they should simply understand the importance of protecting sensitive information, a lot of PC users don't understand the nitty-gritty mechanics of data storage and may think simply having a log-on password is enough to keep files out of the hands of the wrong people.

It's a good idea to head up training sessions that will help users of all levels of comprehension understand the basic principles underlying encryption and how it affects them, and what penalties exist in the face of a breach.

Comments (1)

Storage devices and portable devices are a huge security issue, but running a hackable OS is right in line with that. We have seen over the years that Windows is a user and malware friendly OS on which evildoers can readily plant trojans/spyware/viruses to transmit over the network all the secrets of the IT system. They can do this right from the keyboard and display if you do manage to encrypt storage. They can also supply passwords and keys to their masters.

In 2008, IT leaders should promise to install security-conscious operating systems like *BSD and GNU/Linux. XP was weak for many reasons, including being designed by salesmen, but the complexity and closure of XP and Vista prevent any real security audit and prevention. Learning about security vulnerabilities in the press weeks after the intruders have exploited them is not security.

In 2008, let us all leave Microsoft to its own rewards.
