Hard Disk Encryption Not Used In Lost Laptop Containing Ohio Student Information.

A Reynoldsburg City School district laptop, which did not make use of hard drive encryption like AlertBoot to protect the information on the computer’s internal disk, was stolen from an employee while he attended a wedding.  The laptop was stolen from his car, a not so infrequent data breach scenario covered by this blog.  Makes one wonder if cars ought to be banned in the name of data security.


Of course, that would be a stupid solution.  Let me play a bit with that thought, though.  What if I told you I kept $1 million in cash in my van?  Well, most people would might think it’s stupid and that, heck, it’s your money…you do whatever you want with it, blogger dude.  What if I told you I kept $1 million of your cash that you entrusted to me in my van?  We’ll assume you’re a billionaire and I didn’t show signs of being a complete imbecile.


I’d expect at least a little ruckus on your part.  What if I revealed that the van was an armored car, with bulletproof glass and guards armed with automatic weapons?  Some might still be unsatisfied that it’s kept in a car.  I personally believe that such people also don’t trust banks, and keep their money hidden in their homes.  As if thieves don’t break into people’s homes every day.


What’s the difference between an armored car and a van?  The security associated with it.  Granted, an armored truck is not a place to continuously park your cash, but it does the job of minimizing the chances of something going awry when moving money from one secure place to another.  And so it is with laptop encryption.


One of the first rules of data security is to not save or store any sensitive data that you don’t need.  In a matter of speaking, that’s the rule that was broken in the Reynoldsburg breach mentioned at the beginning of the article.  The officials were phasing out Social Security numbers in the student database, a logical procedure when one considers that SSNs are not supposed to be used as an identifier.  And the work was finished without incident.


However, the computer technician who was working on the project did not delete the sensitive data from his own laptop after the job was done.  And about a week later he attended the ill?fated wedding.  If he had used encryption software to secure the contents of his laptop computer, the school district wouldn’t have to ruefully admit responsibility for the loss.  The employee in question is on paid leave—I guess until an investigation is completed.


Related Articles:



Comments (0)

Let us know what you think