Drive Encryption Software And Third Parties: Ireland HSE Patient Data Compromised.

There was a data breach at Ireland’s HSE over the weekend.  1,500 health records were removed from a Dublin office by an IT contractor.  It goes to show that when using data encryption software, you must also ensure that other safeguards, such as port blocking or port control, are in place as well (as they are in AlertBoot).


Contractor Breaches HSE Policies, Sends E-mail to Wrong Recipient



According to independent.ie, an outside IT contractor for HSE downloaded 15,000 patient records to a USB memory stick–not protected with encryption software, by the way–and took it home.  After working on the file overnight, he sent the files to the wrong e-mail address.  What’s even more egregious is that an HSE staff member was present when the contractor downloaded the data.


According to the HSE, downloading the records to an unencrypted media device is forbidden.  Of course it is.  So is not wearing seatbelts while driving (in Ireland, seatbelts are compulsory even for passengers in the rear), but you know there are plenty of people who don’t follow that rule.  While you can’t be proactive when it comes to wearing seatbelts, you can be when dealing with USB memory sticks and other external media, if you have the right encryption service.


USB Port Control



Data encryption is a foreign concept for many people.  It’s not a hard concept to grasp, but there are nuances to what it does.  For example, take laptop encryption.


Most people understand that once their laptop is encrypted, their data on the computer is protected.  But this is only true as long as the data remains on that laptop.  If you are planning on copying the data to an external drive–either for backup purposes or for easier transportation–you must ensure that the external drive is encrypted as well.  Otherwise, bye-bye data security.


Compare this with file encryption.  Since the file itself is encrypted, it doesn’t matter where it ends up; it will still be protected.  In light of this, why choose laptop over file encryption?  Because there are certain files that cannot realistically be encrypted (temporary files) and because sometimes you have so many files to protect that it makes sense to just encrypt the computer itself.  (Imagine the annoyance of having to individually encrypt 50 files or more!)


So what can one do to further ensure data security if disk encryption is being used?  After all, what the above contractor at the HSE did is probably an everyday occurrence.  The answer lies in port control and management.  Essentially, you can create blacklists and whitelists that determine which devices are allowed to connect to a computer’s ports.  For example, creating a list of authorized devices that can connect to the USB port would eliminate scores of unwitting breaches.


In fact, there is the option within AlertBoot to automatically encrypt any external media that is connected to an encrypted computer.  This in turn can be shared with a designated group of computers, giving the flexibility to share data easily without increasing the risk of a data breach.
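
As an added illustration (not from the original article and not AlertBoot's own code), the following Python example evaluates the kind of authorized-device list described above for USB storage, with unknown devices denied by default.  The vendor/product IDs, serial numbers, and the `UsbDevice`, `decide` and `audit` names are all hypothetical.

```python
# Added illustration: default-deny port control for USB removable storage.
# Every ID, serial number and device record here is constructed sample data.
from dataclasses import dataclass

MASS_STORAGE = 0x08  # USB class code for mass-storage interfaces

@dataclass(frozen=True)
class UsbDevice:
    vendor_id: str
    product_id: str
    serial: str
    interface_classes: tuple  # class code of each interface the device exposes

# Hypothetical policy: only serial-pinned, company-issued sticks may mount.
ALLOWLIST = {("1111", "2222", "ENC-000123")}
# Blocklist entries match a whole model (any serial) and always win.
BLOCKLIST = {("aaaa", "bbbb")}

def decide(dev: UsbDevice) -> str:
    """Return 'allow' or 'block' for a newly attached device."""
    vid, pid = dev.vendor_id.lower(), dev.product_id.lower()
    if (vid, pid) in BLOCKLIST:
        return "block"
    # Inspect every interface: a composite device can expose storage
    # alongside a keyboard or network interface.
    if MASS_STORAGE not in dev.interface_classes:
        return "allow"  # assumption: this policy only governs storage
    if not dev.serial:
        return "block"  # no serial means the device cannot be pinned
    return "allow" if (vid, pid, dev.serial) in ALLOWLIST else "block"

SAMPLE_EVENTS = [  # constructed attach events
    UsbDevice("1111", "2222", "ENC-000123", (0x08,)),   # issued stick
    UsbDevice("1111", "2222", "ENC-999999", (0x08,)),   # same model, unknown serial
    UsbDevice("3333", "4444", "KB-1", (0x03,)),         # keyboard only
    UsbDevice("3333", "4444", "KB-2", (0x03, 0x08)),    # keyboard + hidden storage
    UsbDevice("AAAA", "BBBB", "X", (0x03,)),            # blocklisted model
]

def audit(events):
    """Pair each device serial with the policy decision for logging."""
    return [(d.serial, decide(d)) for d in events]

if __name__ == "__main__":
    for serial, verdict in audit(SAMPLE_EVENTS):
        print(f"{serial}: {verdict}")
```

Pinning on the serial number rather than the model alone means a personally owned stick of the same make as the issued ones is still refused.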



Related Articles and Sites:
http://www.independent.ie/business/irish/hse-rocked-by-security-breach-on-1500-patient-records-2382983.html


