Disk Encryption Software Protected 10 Stolen Irish Revenue Laptops.

Today is Data Protection Day in Europe.  As such, it’s the day to show an example of how to do things right when it comes to data protection.  Three men have done us the honors by stealing 10 laptops from an Office of the Revenue Commissioners in Dublin, Ireland.  Why is this a great example of how to secure data?  The computers were protected with laptop encryption software, as well as chained and padlocked to their desks, and everything was recorded.


Yeah, it didn’t prevent the laptops from getting stolen.  At least, there won’t be much to this particular “data breach.”


Emergency Entrance Forced



Three hooded men forced open a side entrance to offices of the Revenue Commissioner at Ashtown Gate on Navan Road around 7:15 PM.  They stole ten laptops, all of them chained and padlocked to their desks.  Thankfully, encryption software is used on all laptops as a matter of policy.


While it hasn’t been revealed yet what the laptops contained, in all likelihood it contained tax-related information, such as names, addresses, whatever Ireland uses for tax IDs, annual earnings, etc.


I’m not sure where techeye.net got their information, but they had this to say:


Revenue officials are not yet clear on what was on the laptops, but it is likely that the robbery was designed to hide information relating to taxes paid or owed by an individual or company as part of a larger fraud cover up.

That’s a little too much conspiracy theory for me (Apparently, I was rash in assuming this was being spread around by people wearing tin-foil hats.  Officers at the revenue agency feel the same way).


Encryption Saves the Day



There’s a saying that a chain is as strong as its weakest link.  In this case, there were a couple of “weak links.”  First and foremost is the emergency entrance.  Why’d the thieves force their way in via this particular door?  Because it’s generally easier to force.  An emergency door, by definition, has to be easy to open.  This means that you can’t make it as secure as you want it to be.  No deadbolts on those, for example.


(Of course, it sounds funny calling an emergency door as a weak link or a security risk; you can’t not have emergency doors.  History shows us that’s not a good idea.  On the other hand, strictly from a security perspective, it cannot be anything but a security risk.  Imagine putting an emergency door inside a bank vault, in case someone gets locked in.  Sounds like a bad idea, right?)


Then there are the padlocked chains.  Certainly sounds secure, but I’m assuming it’s one of those lockable computer cables which aren’t that hard to get rid of, given the right tools and enough time.  That caveat also works for actual chains and actual padlocks, actually.


Physically securing objects are an important part of data security: if you can’t remove a laptop, there is no data breach.  Unfortunately, physical security has its limits in your everyday settings.  That’s why if you’re looking to secure data, more specifically digital data, then you need to use encryption (the physical security becomes less of a data security tool and more of an asset security tool).


Certainly, given enough time, encryption can be broken as well.  However, the time we’re referring to runs into the hundreds of years, if not more.



Related Articles and Sites:
http://www.rte.ie/news/2011/0128/revenue.html
http://www.thejournal.ie/revenue-laptops-stolen-2011-01/
http://www.techeye.net/security/10-laptops-stolen-from-irish-tax-office
http://www.businessandleadership.com/business/item/28092-laptops-stolen-from-revenue/



Comments (0)


Let us know what you think