Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Hard drive disposal data loss avoidable with encryption

Credant Technologies : 19 May, 2009  (Technical Article)
Full disk encryption would have saved Pfizer from having lost hard driver data when employ threw a unit away by mistake
Credant Technologies says that a security gaffe resulting from an employee at health service company Pfizer throwing an apparently surplus hard drive into the rubbish would not have happened if the data were encrypted.

Michael Callahan, the military grade encryption specialist's senior vice president, said that the fact that the company has had to write to the people affected - whose names and social security numbers were apparently listed on the hard drive - and offer them credit and ID theft monitoring is both expensive and embarrassing for the company.

'If the health services company had adopted an encryption policy on its sensitive data - whether the data is in transit or at rest - then the accidental disposal of the drive by the New Hampshire staffer wouldn't have been the headline news for the company,' he said.

'What makes the case interesting from a policy enforcement approach is that the employee threw the drive into the trash at his home, which means that office security protection systems wouldn't have stopped this from happening,' he added.

According to Callahan, this is where an encryption policy on sensitive data can act as a safety net to prevent embarrassing situations like this from hitting the headlines.

The important take-out from this incident, he explained, is that it proves the need for a multi-layered set of IT security defences in a typical organisation.

Obviously, he said, office security policies would have spotted the unauthorised disposal of the hard drive in the company trash and the drive would have been intercepted by the site security staff.

At home, he added, the employee was effectively outside of the control of the office security systems and, as such, the contents of their hard drive was at much greater risk then normal.

And this, he noted, is where a company-wide encryption of sensitive data policy would have stepped in to prevent employee stupidity from costing the company money and avoiding red faces in the boardroom.

'It's worth noting that this isn't the first time that Pfizer has been hit by data breaches. During 2007 and 2008 the company hit the headlines several times. It is to be hoped that this latest data security incident triggers a review of the firm's encryption policies and procedures,' he said.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo