Hard Drive Encryption: First Advantage TCS Reports Lost Laptop To NH AG.

First Advantage Tax Consulting Services (TCS) has alerted the New Hampshire Attorney General that an employee misplaced a laptop during an airport layover.  Whether laptop encryption software was used is not mentioned, although a complex password was used, which was changed remotely (to something even more complex?).


Laptop Encryption Would Have Been Better?



While the ability to change complex passwords remotely is impressive, it doesn’t exactly offer security unless that password is tied to encryption software.  It’s already pretty well known by anyone who’s willing to look it up that the use of password-protection only can be bypassed in a number of ways.  And, you don’t have to be a brain surgeon to use them.


On the other hand, the use of encryption is proven to provide security (not total security until the end of the time, but pretty good enough to last a lifetime).  Plus, consider the following in AlertBoot endpoint encryption:




  • Able to change passwords remotely, from an internet-based central management console.


  • Features password rate limiting, so each incorrect password locks up the ability to try entering a password in increasing periods (2 minutes, 4 minutes, 8, 16, and so on).  This way, brute force password guesses aren’t effective.


  • Locking out from entering passwords after so-many wrong attempts (10 attempts is usually used).


  • Passwords can be deleted, forcing a would-be hacker to guess the encryption key, a significant hurdle over guessing the password (which tends to be easier to guess).

Most of the above are not featured, for example, in your Windows OS password-protection.  And, again, even if they were, you could just bypass it if you wanted to.


Offering Peace of Mind?



In the copy of the letter to be sent to 32,842 people, TCS notes that “because the security of your information and peace of mind are important to us, we are offering one free credit report and 12 months of one bureau credit monitoring.”


That’s good (not great–most people would prefer not having had the breach in the first place); however, I’ve been thinking about this, and…well, does it really offer peace of mind?


Many companies, not only TCS, make similar offers for purportedly similar reasons.  I, however, am not sure I would gain peace of mind because I’m signed up for such services.  For example, wouldn’t I kind of dread opening those credit report letters?  Who knows what this month will bring?  That kind of thinking is not something I would consider peace of mind.


Of course, having such services is better than not having them…but peace of mind?  I guess that depends on your point of view.



Related Articles and Sites:
http://doj.nh.gov/consumer/pdf/reed_smith.pdf
http://www.databreaches.net/?p=12784



Comments (0)


Let us know what you think