Laptop Losers Hall Of Shame Shows Importance Of Hard Drive Encryption For All Computer Types: A Commentary.
Networkworld.com has a small slideshow of the top ten worst data breaches of all time when it comes to unencrypted data. Of course, these are only known instances, as networkworld.com points out. They also point out that the data breaches could have been prevented if the laptops in question had been secured with hard drive encryption, a service that is provided by AlertBoot, among others.
The number of affected people by each breach range from the 228,000 to 28.6 million, although the latter figure is way off the mean, with most breaches relegated to less than 500,000 affected per instance. Of course, that’s still a huge number. Why carry around such sensitive information? Why store all that sensitive data in a laptop?
Carrying that amount of data on an everyday basis is just plain crazy. I mean, forget a laptop is involved. If someone told me that he had in his briefcase—right now, at this instance—500,000 names and SSNs printed out on letter?sized sheets, and that this was true everyday (and he wasn’t in the data transportation business), I’d think he was crazy for carrying that around. Or, at least I’d check to make sure he had handcuffed himself to the briefcase before asking, “But why?”
(If you pulled out your calculator to see if this is possible, my estimates show that all 500,000 names would fit in two briefcases, assuming four column sets of thirty names and SSNs per page; that each page can accommodate thirty rows of names; that names are printed on both sides of each page; that a stack of 500 pages will fit in a briefcase; and that two stacks will fit side by side…so, it’s not inconceivable, especially since none of the assumptions are a stretch, either. Well, except for the guy carrying this day in, day out.)
Clearly, in the pre?digital era, people didn’t carry all that information around just because they can. So why do so now?
Well, that’s the thing—they weren’t all being carried around. Of the 10 cases listed, 6 cases cover an instance where the laptop was lost while in transit. And, the higher the count of affected customers, the higher the chances the laptop was stolen during a break?in into a building, be it a home or the office.
I’m not sure if these ten cases are enough to derive any conclusions, but it seems to me that the form factor is not the issue. Or rather, the form factor is not the determining factor—chances are that something small will be stolen over something big, assuming they each have the same value; it’s just common sense. But in the four cases where a break?in was involved (which is also the instances where the number of people affected was much higher), a thief could have easily stolen a desktop computer if a laptop had not been available. I mean, you don’t break in to a building, find there’s no laptops available, and just split. You have to take something; otherwise, what’s the point? I’d imagine that in those four instances, any computers would have been stolen, which is why I tend to advocate full disk encryption for all computers, not just laptops.
Laptop computers imply mobility. But the truth is that more and more companies are opting to buy laptop computers over desktops even when the computer is not expected to be taken home or anywhere else, for that matter. A laptop tends to suck less electricity; is quieter; can be easily moved off the desk if you need the desk space (or just move it around the office—meetings and repairs and such). For the average office user, there’s no pragmatic reason to opt for a desktop over a laptop computer.
So why store data in a laptop? My guess is that the response will be, going forward, “where else are you going to store it?”