High-Tech Encryption: South Carolina Legislator Notes Not All Security Solutions Need To Be High Tech.
Strengthening computer security is one of the goals listed by the South Carolina caucus for this year. While it may sound like a knee-jerk reaction to the ginormous data breach The Palmetto State experienced late last year, it looks like clarity of mind and sanity prevails in the SC legislature. The House Majority Leader noted that not all approaches to data security require highly technical solutions, which is true. On the other hand, there are those instances where high-tech solutions like AlertBoot’s laptop encryption software would be preferred over non-technical ones.
Education Also Part of the Solution
According to legislators quoted at chronicle.augusta.com, training and awareness are also another tool in the fight against data breaches:
Legislators hope actions taken since then will prevent another such breach at the Revenue Department, but all state agencies’ computer systems must be evaluated and updated to prevent breaches elsewhere. How much that will cost is unknown. The state is in the process of hiring consultants.
Legislators noted the solutions aren’t all high-tech. [House Majority Leader Bruce] Bannister said training is key, because state workers ought to know when not to open an e-mail. [House Minority Leader Harry] Ott said agencies need protocol for when a computer virus or malicious e-mail is detected.
Like they say in computer security circles, the weakest link in the chain is people. Educating personnel so that they are aware of when they might be walking into a trap (be in phishing, virus installation, or any of the other myriad forms a data security breach can be triggered) is definitely necessary. One does should not forego human awareness for the latest technical solution.
People Don’t Follow the Rules
On the other hand, there is something to be said about technical solutions, especially in those instances where you know human nature will most likely cause a data breach. Consider, for instance, what happened at NASA, where you literally have rocket scientists and people managing these rocket scientists.
Despite all the intellect at the organization, it has suffered so many data breaches that NASA has declared an ultimatum: laptop encryption will be used on all NASA laptops, and those that are not encrypted will have to remain within NASA buildings until they are secured.
It just goes to prove that in certain instances education doesn’t work. If a technical solution presents itself that happens to be idiot-proof, then it behooves an organization to use it. Full disk encryption is one such solution because of its simplicity: it’s always on, only requires a password (which, depending on the solution, can be reset if forgotten), and is otherwise transparent to the end user.
Related Articles and Sites: