Full Disk Encryption: St Albans Finds Using Encryption Is Not The End Of The Story.

St. Albans Council has found that data protection does not end at using data encryption software.

If you’ll recall, St. Albans experienced a breach nearly one year ago, when four laptops were stolen, affecting 14,500.  Since then, the council has made a number of changes to better protect sensitive information, including the physical lockdown of computers and the use of encryption software to protect data.

A security consulting firm was brought in to check on the changes.  The firm has found that while data is better protected than before, the council could make some changes to better guarantee information security.

Staff Sharing Passwords

One of the suggested changes was to better educate staff not to share passwords.  Other recommendations included “audit files for all log-ins and access to databases.”

Clearly, the latter recommendation hinges upon the security of passwords.  Think about it: if everyone uses the same password to log in to a computer, then the auditing of files and logs is worthless, because they’d all point to one person.
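The attribution problem above can be checked for in the log-in audit trail itself. The following is an added example, not part of the original post or the consultants' report: it flags any account that has open sessions on two or more workstations at once, a common sign of a shared password. The log format, account names and workstation names are constructed for illustration.

```python
from datetime import datetime

# Constructed sample audit records (not from any real system):
# timestamp, account, workstation, event
SAMPLE_LOG = """\
2024-01-08T08:55:10 jsmith WS-014 LOGON
2024-01-08T09:01:42 records WS-003 LOGON
2024-01-08T09:04:17 records WS-021 LOGON
2024-01-08T09:30:00 records WS-003 LOGOFF
2024-01-08T10:12:05 records WS-008 LOGON
2024-01-08T12:00:31 jsmith WS-014 LOGOFF
2024-01-08T12:45:00 records WS-021 LOGOFF
2024-01-08T13:05:09 jsmith WS-002 LOGON
2024-01-08T17:00:00 records WS-008 LOGOFF
2024-01-08T17:02:44 jsmith WS-002 LOGOFF
"""

def parse(log_text):
    """Yield (timestamp, account, workstation, event) for each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts, account, host, event = parts
        yield datetime.fromisoformat(ts), account, host, event

def find_shared_accounts(log_text):
    """Return {account: [(time, workstations), ...]} for every moment an
    account became logged on at two or more workstations simultaneously."""
    open_sessions = {}  # account -> set of workstations with an open session
    findings = {}
    for ts, account, host, event in sorted(parse(log_text)):
        hosts = open_sessions.setdefault(account, set())
        if event == "LOGON":
            hosts.add(host)
            if len(hosts) > 1:
                # The audit trail can no longer say which person acted.
                findings.setdefault(account, []).append(
                    (ts.isoformat(), sorted(hosts)))
        elif event == "LOGOFF":
            hosts.discard(host)
    return findings

if __name__ == "__main__":
    for account, hits in find_shared_accounts(SAMPLE_LOG).items():
        for when, hosts in hits:
            print(f"{account}: concurrent sessions at {when} on {', '.join(hosts)}")
```

In the sample, `jsmith` moves between workstations but never overlaps, so only `records` is flagged.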

Data Security, Constant Vigilance

The thing about data security is that you really can’t let your guard down since it’s never known in advance when a threat will strike.  Unfortunately, it’s nearly impossible to keep your guard up all the time.  Heck, even the military has various stages of “alerts,” and never do they stay at high alert all the time.

When it comes to data security, then, the trick is to use different methods that will complement one another.  For example, if passwords are being shared, then a policy of periodically changing passwords is definitely necessary. (As opposed to a policy of changing passwords every six months and requiring the user to create a 24-character-long, mixed-character password; in my opinion, that latter one usually doesn’t require periodic password changes at all, regardless of what best security practices happen to be.)

