Data Encryption: Arson For Covering Up Data Breach, Data Was Objective.

Generally, when an entity experiences a data breach (say, a laptop theft), it concludes the thieves were not after the data on the device, proclaiming with alacrity that they suspect the hardware was the objective of the theft, that the laptop will be wiped and resold, that clients’ data are probably safe – an assumption that rests not on facts but on wishes and outdated statistics.

So, it’s refreshing to hear that a business owner thinks that thieves were after the data when they stole computers, files, and checks.  And then torched the place to cover up their crime.

Arson

According to recordnet.com, a real estate development company’s offices were engulfed in a two-alarm fire that “required 40 firefighters to control it.”  Later, an arson investigation team concluded that assets were stolen prior to the fire.  The owner of the business, Ken Brown, said:

the fire followed by almost 24 hours a Saturday morning incident in which power to the building was cut off after the meters were stolen and the phone lines were cut.

“They came back 23 hours later so that the alarm-system backup batteries were dead. At that point, they came into our office undetected and went through our files and took bank statements, tax filings, checks, computers,” Brown said.

“Then, when they left, they took a flammable liquid and spread it everywhere to cover up their tracks,”

In addition to the unusual circumstances surrounding the fire, a fraudulent transaction for $805 has already taken place.  However, the investigators were a bit more circumspect regarding the situation, saying that they’d have to look into the matter before drawing any conclusions.  Still, a spokesperson did admit that “anytime there is a burglary and arson together, it usually leads to a little more.”

Encryption: Was It Used?

It wasn’t mentioned whether encryption software like AlertBoot was used to secure the stolen computers.  However, in hindsight, it would have been an excellent idea, since the use of encryption would prevent the presumed data thieves from doing further damage.

Of course, this observation is only valid for electronic data.  When it comes to checks and files (which I assume refer to paper documents), there is very little protection once the objects are stolen.  It’s one of the reasons why saying “electronic data is easier to protect than non-electronic data” is not so far off the mark (despite the historic levels of electronic data breaches were witnessing).

Imagine, if you will, a room where a folder sits on a desk.   It is a folder full of personal information.  Next to the folder is a USB memory stick.  It contains the same information as that found in the folder.  The room is your average office space, with your average office security.  Stealing the folder, the USB stick, or both requires a certain degree of effort.  But, obviously, the effort expended is the same regardless of whether you decide to take either one or both.  However, because full disk encryption can be applied to the USB stick, access to the data on the device can be further restricted even if it is stolen.  The same is hardly true for the folder.

Regardless of what you believe the physical security conditions to be in your workplace, digital security solutions are invaluable as deterrents, both prior and after a physical data breach.

Related Articles and Sites:
http://www.recordnet.com/article/20140829/NEWS/140839985



Comments (0)


Let us know what you think