Burglars broke into the Prosecution Department offices at the Lahore District Court and stole a desktop computer. While the world may be moving towards a more mobile workforce (BYOD and the “Consumerization of IT”), the number of desktop computers — and the people chained to their work desks — is substantial. They, too, need to take into consideration the use of drive encryption software like AlertBoot and other data security measures.
Door to Roof Left Open
According to tribune.com.pk, the burglars initially tried to make their way in via window but were unable to “cut the netting on the window.” I’m assuming it’s a reference to a bug screen of some sort, which leads me to wonder whether these are professional thieves were talking about here.
And, the answer very well may be “yes, they’re pros” because it turns out that, faced with an insurmountable obstacle, they made their way in via the roof, where a door was left unlocked.
Officials interviewed for the story declined to comment whether stolen desktop computer contained any sensitive information — but wouldn’t it be just logical that sensitive data was stored in it?
Don’t Ring the Alarms, Yet
It was also revealed that,
the staffer responsible for looking after the superintendent’s office, upon seeing that the computer was missing on Tuesday morning, had assumed that his boss had taken the machine somewhere. But when [Superintendent Mushtaq Ahmed] Saqib came to work, he asked the staffer to get him a printout of a document saved in the computer. The staffer searched the other offices in the building but couldn’t find it. [tribune.com.pk, my emphasis]
That’s quite an assumption to make. Normally, people don’t go around taking desktop computers home. Based on the reaction by the staffer, though, it sounds like this might have been a regular (or at least, not an out-of-the-ordinary) incident.
Of course, if there was an unofficial policy of transporting the desktop computer back and forth from one’s home, the obvious question arises: what data security solution was in place? Was it, for example, protected with encryption software? We’re talking about a computer used at a court which contained documents necessitated by superintendents.
The bottom line to the story: data protection is incomplete if you’re relying on physical security only. Locked doors and barred windows are only good while nobody takes the initiative to break in. Once they do, what prevents them from causing a data breach? If you’re not using data encryption software, the answer is “nothing.”
Related Articles and Sites: