This is really beginning to get to me. With the proliferation of laptops in our society, you would think that knowledge of security would begin to rapidly spread as well. However, this is the second story in less than a week of a laptop being stolen from a car. Now, if this was an office of some sort, with semi-inconsequential data it would be understandable. But it seems that more and more, Healthcare IT staff are carrying around patient data on their personal laptops. These are people who are carrying around credit card info, banking numbers, social security numbers, Names, dates of birth. And i still wouldn't have a problem with it if they would take some sort of rudimentary precautions to ensure the protection of the data. However, there have been cases of IT staff storing full system backup tapes, laptops, USB Crypto keys, and entire servers in the back of their cars. They are then completely amazed when these top-level security measures are thwarted by a crook with a crowbar. This latest incident occured after a British IT worker for the NHS trust left his laptop unsecured in his car, along with 21,000 patients details. To make things worse, none of the information was encrypted. So the thief now has complete access to any and all patient data. The NHS trust reinforced the now common perception that they were completely technologically incompetent by stating (trying to make the situation better) "the data will almost certainly by wiped by the thief"
What steps should you take in order to secure a system from theft?
A. Set a Bios Level Password
B. Set at least a 14 digit password.
C. Require some sort of Biometric Authorization for Access
D. Always keep your data in an encrypted folder
E. If practical, Hide private data inside of another file
F. Keep any backups in humidity controlled, insulated environment.
G. Rule of Thumb: If your system can be seen, its public data.
H. Thumb of Rule: If your system is in your car, it deserves to be stolen.
-
No comments:
Post a Comment