Wednesday, October 17, 2007

More stolen laptops with personal information

Once again some laptops have been stolen which contain lots of personal information. The solution by the TSA is to require encryption. Perhaps they were just trying to keep up with the data loss experts here in the state of Louisiana where our LOFSA organization who recently lost thousands of student records and financial information. Incredible. And in a stunning display of stupidity, LOFSA decided to wait for weeks to tell us. Because, you know.. this isn't time sensitive or anything.

Bruce Schneier and other security gurus have written extensively about the false security of companies and organizations who fail to notify their customers, and the regularly exposes companies trying to hide their ineptitude. The only solution to data theft is the same as the solution to the Tylenol product tampering case. Massive overwhelming immediate disclosure and response. Johnson & Johnson, to their credit, did not try to PR their way out of that mess. They knew there was only one way to save the company after millions of customers now feared their products, overwhelming action. Millions were spent to recall and destroy existing stocks of tylenol, and the company, this is key, *wanted you to know*.

LOFSA could have bought credibility by immediate disclosure and reassurance that they were doing everything to protect us, but they decided to try to hide. The TSA keeps losing laptops and reacts rather than pro-actively protects.

What does this have to do with you? Encrypt YOUR laptop, YOUR data. If it's bad enough for thieves to get your name and identity, imagine how bad it would be if they got your whole laptop. Encrypt today!

No comments: