US National Public Radio (NPR) reports today that BP’s Gulf oil spill woes – which already include paying out compensation amounting to a whopping $4,000,000,000 – have been worsened by a data spill.
Ironically, the lost data includes personally identifiable information (PII) about some 13,000 oil spill compensation claimants.
NPR reports that names, addresses, phone numbers and social security numbers – a key aspect of personal identity in the USA – were amongst the data lost.
The sobering part of this regrettable incident is that it happened because a single laptop was lost or stolen “during routine business travel”. And laptops are easy to lose – back in 2008, we wrote about a survey which found that 12,000 laptops are lost every week at US airports alone.
(Re-read those numbers above. When I first saw them in print, I misread the figure as “12,000 laptops lost per year”, which sounded bad enough. It took a while before I realised that the rate was per week – 50 times higher than the number that had already got me worried!)
Back in that 2008 survey, almost three years ago now, 53% of people said that their laptops contained confidential business information, with two thirds having taken no measures to secure their data. Clearly, some companies still aren’t taking appropriate measures.
We all need to lift our game, even in countries like Australia, and much of the rest of Asia Pacific, where security breaches can simply be swept under the carpet thanks to the lack of mandatory disclosure laws.
Even if you’re the sort of organisation which is willing to take risks with your own data – sales forecasts, trade secrets, and that sort of thing – you have a clear moral duty not to take risks with data you keep about other people.
Unfortunately, in those parts of the world where encryption and mandatory disclosure are not enforced by law, many sysadmins are being squeezed by budgetary pressures to do as little as possible about encryption-related security.
I’m not sure I understand that sort of economy. Surely your customers (or students, constituents, clients – whatever you call them in your sector) will value your service much more strongly if you can show that you are willing to do what’s right and safe with their data?
Why not consider the value of encryption to your business, instead of considering only the cost?
(To protect data on your own computers, especially if you intend to back it up or want to share it securely with friends on the web or via email, why not pick up a copy of Sophos Free Encryption for Windows today? Direct download – no registration required.)
Thanks for the note to re-read the numbers – I thought actually the same. 12'000 a year, which you stated right is bad enough. But 12'000 laptops a single week is just not imaginable.
Even though the survey was back in 2008 I really don't think the numbers changed after all 🙁
Duck, where does it say that this lappy was unencrypted?
That's according to NPR, which quoted a BP spokesperson – see the link at the top of the article – thus:
"BP spokesman Curtis Thomas said…[t]he laptop was password-protected, but the information was not encrypted."
In the article he links to in the first line.
"The laptop was password-protected, but the information was not encrypted"
There are so many free encryption technologies available today anyway that are pretty reliable, like TrueCrypt. Budget restraints aren't really an excuse.
How on Earth do people lose so many laptops? Do these people lose that many wallets/keys as well?
Laptops are big bulky things, they're easy to notice that you don't have it anymore.