A newspaper in the UK found, via a Freedom of Information request, that Devon council workers have experienced fifteen computer thefts over the past three years. It makes one wonder why it took the council such a long time to decide to encrypt hard drives. It certainly couldn’t have been the rarity of encryption (it has been available since the seventies) nor its cost (AlertBoot, for example, makes it easy and affordable to protect the contents of computers across an organization’s base).
Perhaps the answer lies in what someone interviewed for the article called a “cavalier attitude” by the council. Harsh words, perhaps; after all, there’s no way of knowing what the council is doing, or has done, to stem data breaches. They could be facing impediments at a higher level in the form of budget approvals (or lack of approvals), for example.
On the other hand, if an organization accused of being cavalier with sensitive data tries to defend itself by pointing out that “in these cases [the theft of computers], the devices were stolen from officers, not casually lost”…well, that’s not a winning or an endearing argument. I mean, can you imagine the reaction of the public if someone said that regarding the loss of a nuclear warhead? Or maybe children from a nursing facility? So why make the statement regarding personal information? I guess they don’t think the loss of data warrants the same or similar level of concern — which would seemingly be a cavalier attitude when viewed by those directly affected by a data breach.
The good news is that the Devon County Council has wised up, and has already rolled out a program “to install encryption software on all laptops and other portable devices across the whole organisation.” The statement goes on to point out that “this will make it impossible for unauthorised people to access the data.”
Yes and no. The use of encryption will certainly protect the contents of those digital devices. However, a cavalier attitude regarding the secrecy of passwords will hamstring data security. I imagine that people who avoid blame by saying things were stolen, not lost, wouldn’t be willing to face blame when a laptop computer gets stolen, not lost…with the password stuck to the underside of the computer.