New Zealand Data Breach: Fidelity Life Loses USB Stick, Encryption Not Used.

In the world of finance, there’s what’s called “systematic risk” and “non-systematic risk” (or unsystematic risk).  The latter is the type of risk that cannot go away, no matter how much you try.  It kind of reminds me of what IT personnel are facing when they deploy data encryption software in the workplace.  For example, Fidelity Life in New Zealand, which probably already employs disk encryption to protect client data, announced a breach last week, thanks to a new hire.

New Employee’s Satchel Gets Stolen

According to, Fidelity Life’s chief executive explained that a new employee, who had been with the company only a few months, had his satchel stolen.  Inside the satchel was not the Sankara Stones from the Temple of Doom (a la Indiana Jones) or 80,000 dollars for rescuing Doug (a la The Hangover), but a USB stick that contained sensitive information on 1,200 Fidelity Life clients.

The breached information included Fidelity’s Tower Health and Life acquisition, details of people who had invested with Tower, and personal bank account details, among other data.  However, “it did not contain information about Fidelity Life customers or their policies.”

There’s Always Something – Reducing Systematic Risk

If you’re a big enough concern, and tend to deal exclusively with financial information, then chances are good that your workplace requires the use of cryptographic tools like AlertBoot’s BYOD disk encryption software.  Disk encryption prevents data breaches from occurring when devices are lost or stolen.  It only requires a password when booting up the computer and kicks in when you shut down the computer so, as data security programs go, it’s unobtrusive and very easy to use.

The only problem is that you can only protect those devices that you know about.  Or, at least, that’s the case with a lot of encryption solutions out there.  For example, if an employee brings his own USB stick the workplace and starts saving files to it, how does the IT department know?

It generally doesn’t.  That’s why some IT departments disable USB ports on all company computer assets.  This creates problems, however.  What if you have to plug in a mouse?  Or an external keyboard?  Or that novelty fan you got because management decided to conserve energy and now the temperature’s much higher where you sit?

This is why companies should be evaluating software to see how much coverage they can offer.  For example, in AlertBoot, the full disk encryption software also comes with file and folder encryption.  This means that any attachments with sensitive information can be sent via email without breaking security protocol, and USB devices can be protected automatically when (not if) sensitive information is downloaded to it.

Furthermore, AlertBoot also provides MDM (mobile device management) security for smartphones and tablets, ensuring that all popular (and realistic) vectors that could lead to a data breach are covered.

Related Articles and Sites:


Comments (0)

Let us know what you think