Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

1/21/2008
06:54 PM
George V. Hulme
George V. Hulme
Commentary
50%
50%

Protecting Bob In Accounting, From Himself

Of the hundreds of data loss incidents in 2007, it seems the majority involved some type of lost storage media or notebook. If only the companies had used, or were certain that encryption had been in place, then the customers of GE Money, Accenture, the Department of Veterans Affairs, and too many others to list would be sleeping better. It's a problem that's only going to get worse as more data is held on portable storage devices, such as USB devices, smartphones, and even MP3 players.

Of the hundreds of data loss incidents in 2007, it seems the majority involved some type of lost storage media or notebook. If only the companies had used, or were certain that encryption had been in place, then the customers of GE Money, Accenture, the Department of Veterans Affairs, and too many others to list would be sleeping better. It's a problem that's only going to get worse as more data is held on portable storage devices, such as USB devices, smartphones, and even MP3 players.It's just too tempting to toss that report, or customer data detailed on that spreadsheet, on that iPod if no other device is available.

Hey, it's better than e-mailing the data, in the clear, to your home account. Isn't it?

And if large corporations and government agencies can't seem to get into the habit of encrypting sensitive information, how can you expect Bob in accounting to do the same? Besides, encryption is a hassle. It's another step between Bob and his spreadsheets. Who needs more friction in their lives?

Security vendor McAfee hopes it's found a way to get more of us to use crypto. Last fall the company scooped up little-known startup SafeBoot for $350 million. SafeBoot was bringing to the U.S. market its data protection suite designed to encrypt files, folders, and entire drives on mobile devices: PDAs, smartphones, USB drives, and notebooks.

On Monday, McAfee said SafeBoot's technology is now part of the company's suite of data leak protection and end-point security products that aim to control how information is permitted to flow through, and out of, an organization. For instance, a company could forbid the transfer of information from desktops to removable storage devices.

With SafeBoot now part of the offering, it presumably will be easier to lock down those gadgets, so if they're lost nothing of value can be gleaned from the drive. Will Bob do it? Will more companies now use encryption?

If history is any indication: no. Most users have shunned encryption because it's clunky. But now, the excuses for not doing so are getting even thinner.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Why Cybersecurity's Silence Matters to Black Lives
Tiffany Ricks, CEO, HacWare,  7/8/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-6486
PUBLISHED: 2020-07-10
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none.
CVE-2012-6487
PUBLISHED: 2020-07-10
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none.
CVE-2012-6488
PUBLISHED: 2020-07-10
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none.
CVE-2012-6489
PUBLISHED: 2020-07-10
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none.
CVE-2012-6490
PUBLISHED: 2020-07-10
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none.