Backup Disk Encryption: Univ. Of Victoria Data Breach.

The University of Victoria had a data breach that left thousands exposed.  While the details are not being given, it looks like an external drive was stolen during a break-in.  The device was not properly secured with disk encryption software like AlertBoot, increasing the risk of identity theft for over 11,000 current and former UVic employees.

Existing Technology in Place

The site quotes Stephen Neville, the director of the Centre for Advanced Security, Privacy, and Information Systems Research at UVic, who notes that the university “had the existing technology in place that should’ve stopped last weekend’s breach from happening.”

He went on to say:

“The degree to which people may be aware of these (available) options is the issue,”  Neville said. “It comes down to an employee saying, ‘I need to back up (this information),’ as opposed to saying, ‘Are there better ways of backing up the information that protects the privacy of the data?'”

You’ll notice that Mr. Neville concentrates on the data, never bringing up “hardware” as an issue.  That’s because, regardless of where the data ends up, it can be easily protected using encryption software.  I’m pretty sure the “existing technology” he refers to is a passing reference to encryption.

And, my, should have encryption been used.  According to the details that were released, the banking information and Social Insurance Numbers for over 11,000 past and present UVic employees (beginning from January 20120) were lost in the data breach. speculates the information was stored in an optical disk or hard drive that was locked in an office cabinet.

Encrypting Backup External Drives

Data backups are important, in more ways than one.  Certainly, backups allow one to recover data in the event something happens to the original: theft, data corruption, disasters like flooding and fires, etc.  But, backups are trickier than they appear because they need to be secured as well.

For example, scores of backup devices have made their way to the consumer market, in many cases external hard drives with a single, prominent button, to be pressed when you’re ready to perform a backup — literally “one-button backup solutions.”

You press the button and problem solved.  Right?  Not quite.

Backing up the data is only the first in a chain of multiple decisions.  You still have to consider other aspects, such as: where will I keep this backed-up data?  You don’t want to keep it right next to the computer, since whatever befalls the computer could extend to the backup as well.  Think of fire, water, coffee spills, a prank gone awry, etc.

Keeping it in the same office but away from the computer also poses its own problems.  As in the UVic situation, a thief could make off with the backup.  And the original.  And your petty cash.  All at once.  Or, the backup could be stolen while the original remains in place.

But, the biggest problem may come from the fact that many people will secure their originals while not extending the same security to their backup.  Sometimes, this is due to a lack of education.

Take AlertBoot, for example.  It’s a hard disk encryption solution.  Most people already have an understanding of what it does: it encrypts all the data on your hard drive.  This is not wrong, but it’s also not right.  Yes, all the data on your hard drive ends up encrypted.

But, “encrypts all the data on your hard drive” allows certain misunderstandings to arise.  For example, most users think this means that copies of the encrypted data will also be encrypted.  Like when data is backed up.  But they’re not; that’s not how hard disk encryption works (well, not always anyhow).  Under hard disk encryption, it’s accurate to say that the entire hard disk is encrypted.  And because the hard disk is encrypted, the data you place on it is also encrypted.

In other words, the data is encrypted as long as it’s on the hard disk.  Copy it to some other device that is not encrypted, and the data won’t be secure anymore.

This is why AlertBoot has the option to encrypt any external media devices that are connected to an encrypted computer.  It’s not just meant for backups but for any instances where data is copied off of a protected device.  We realize that it’s the data that you’re securing, so it makes no sense to encrypt the contents of your entire computer while allowing your USB port to become a security fail point.
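The distinction above (the disk is encrypted, not the data wherever it goes) can be checked before a backup runs. This Python example is added here and is not AlertBoot's code or part of the original post; it assumes a Linux host where encrypted volumes show up as dm-crypt (`crypt`) devices in `lsblk --json -o NAME,TYPE,MOUNTPOINT` output, uses a constructed sample of that output, and its function names are hypothetical.

```python
import json
import posixpath

# Constructed sample of `lsblk --json -o NAME,TYPE,MOUNTPOINT` output:
# an encrypted internal disk, a plain external drive, an encrypted external drive.
SAMPLE_LSBLK = """
{"blockdevices": [
  {"name": "sda", "type": "disk", "mountpoint": null, "children": [
    {"name": "sda1", "type": "part", "mountpoint": "/boot"},
    {"name": "sda2", "type": "part", "mountpoint": null, "children": [
      {"name": "cryptroot", "type": "crypt", "mountpoint": "/"}]}]},
  {"name": "sdb", "type": "disk", "mountpoint": null, "children": [
    {"name": "sdb1", "type": "part", "mountpoint": "/media/backup"}]},
  {"name": "sdc", "type": "disk", "mountpoint": null, "children": [
    {"name": "sdc1", "type": "part", "mountpoint": null, "children": [
      {"name": "cryptbackup", "type": "crypt", "mountpoint": "/media/secure"}]}]}
]}
"""

def mount_encryption_map(lsblk_json):
    """Map each mountpoint to True if a dm-crypt layer sits beneath it."""
    result = {}
    def walk(node, under_crypt):
        under_crypt = under_crypt or node.get("type") == "crypt"
        if node.get("mountpoint"):
            result[node["mountpoint"]] = under_crypt
        for child in node.get("children") or []:
            walk(child, under_crypt)
    for dev in json.loads(lsblk_json)["blockdevices"]:
        walk(dev, False)
    return result

def is_on_encrypted_volume(path, mounts):
    """Find the mount holding `path` (longest prefix) and report its state."""
    path = posixpath.normpath(path)
    best = None
    for mp in mounts:
        if path == mp or path.startswith(mp.rstrip("/") + "/"):
            if best is None or len(mp) > len(best):
                best = mp
    if best is None:
        raise ValueError(f"no mount found for {path}")
    return mounts[best]

def unsafe_copies(source, destinations, mounts):
    """Destinations where data from an encrypted source would land in the clear."""
    if not is_on_encrypted_volume(source, mounts):
        return []
    return [d for d in destinations if not is_on_encrypted_volume(d, mounts)]
```

This only recognises dm-crypt layers; drives protected by other means (hardware self-encrypting drives, for instance) would be reported as unencrypted.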

With something akin to AlertBoot, perhaps UVic wouldn’t have had to deal with this particular data breach.
