Sometimes Information Security Does Not Resonate

Hard Drive.jpgWe have come so far in understanding, measuring, and communicating basic information security factors.  Yet, the challenge continues as a recent news story shows.  A police chief assured the community that data from a stolen police laptop was secure:

"The police chief said he's been advised that it's unlikely anyone could access personal information stored on the stolen laptop because the battery is so old it barely functions without a companion power cord."

http://www.seacoastonline.com/articles/20110504-NEWS-110509918

For the record, just because you cannot start a computer, does not mean the data it contains is secure.  Data residing in nonvolatile memory, which remains intact even after the power is turned off, must be secured in ways to insure it cannot be accessed by other means.  Encryption, device destruction, and data sanitization are normal methods which have proven to secure data if done correctly.  Additionally, beyond the data exposure potential, the actual configuration of a lost device, both in hardware and software, may expose ways for an unauthorized external computer to gain access to the secured network. 

Caution to the wise.  Any device which stores data should be addressed before it is abandoned, sold, or reused outside of your control.  This includes PC's, printers, network gear, hard drives, and USB sticks.   Data destruction is important.  Knowing how data can be exposed is the first step in avoiding unfortunate data loss situations. 

Published on Categories Archive
Matthew Rosenquist

About Matthew Rosenquist

Matthew Rosenquist is a Cybersecurity Strategist for Intel Corp and benefits from 20+ years in the field of security. He specializes in strategy, measuring value, and developing cost effective capabilities and organizations which deliver optimal levels of security. Matthew helped with the formation of the Intel Security Group, an industry leading organization bringing together security across hardware, firmware, software and services. An outspoken advocate of cybersecurity, he strives to advance the industry and his guidance can be heard at conferences, and found in whitepapers, articles, and blogs.