Government Agency Uses More Laptops, Requires Mobile Data Protection.

A Department of Revenue Services (DRS) laptop computer containing the information of 106,000 Connecticut taxpayers was stolen.  One might wonder, why was taxpayer information stored on a portable computer?  My assumption is that most taxpayers would want sensitive information to be sequestered in a building, behind guards, the computer bolted onto the desk itself.


Well, it turns out that a lot of the government agencies are looking into using laptops.  The increase of state-owned laptops is fueled by the need to prepare for emergencies according to a quote attributed to Nuala Whelton, the spokeswoman for the Department of Information Technology.


State governments are afraid that severe weather, terrorist attacks, flu pandemics, etc. could shut down essential services provided by the government.  In such emergencies, being able to connect to a government network from anywhere would allow the government employees to keep on truckin’ by connecting over a secure network. VPN’ing requires specialized equipment, and hence the laptops.  Per the figures supplied by the Department of Information Technology, there’s over 2500 laptops deployed among the 14 largest state agencies in New Hampshire alone and the implication is that the number will grow further.


Laudable as the motives might be behind the issuing of laptops to government workers, it seems that less thought was given to policies and programs to ensure the safety of the data contained in those machines.  In this case, the theft of the laptop was reported within hours and the computer was password-protected.  Now, that was quick action on the part of the employee.  However, if there is nothing in place to ensure that the data contained in the laptop cannot be accessed, such quick action is for naught.  So, is the data protected?


Well, there is the issue of what they mean by password-protected.  If the password protection in question is a simple username and password prompt that one gets when booting up and into Windows, this is probably not an adequate safeguard.  There are ways to get around it such as popping the hard drive out and linking it up as a slave drive to another computer.


The best way to ensure that the data does not get accessed by prying eyes is to have had the machine itself encrypted by using a service such as the full disk encryption managed service offered by AlertBoot.  This way you still have to guess at the username and the password in order to access the device due to AlertBoot’s boot up protection, and because the contents are already encrypted, trying to circumvent security measures via traditional (and, sometimes, easy) methods will leave the criminal empty-handed.  Plus, you can specify whether the username goes dead if the wrong password is supplied too often (as it would happen if someone were trying to hack it).


It looks like the DRS agrees: new policies will be enacted so that devices are encrypted and restrictions on what type of information can be placed on state issued laptops.


Like in many cases where a laptop is stolen with sensitive information, free identity theft coverage to taxpayers who might be affected is being offered by the state, amounting to about $1 million for one year of coverage.

Comments (0)

Let us know what you think