Wednesday, May 7, 2008

Nine Memory Sticks Stolen from Hong Kong Hospitals

From SANS NewsBites Vol. 10 Num. 36


(May 5, 2008)
In the last year, nine memory sticks have been stolen from five Hong Kong hospitals. In all, the devices hold personally identifiable information of more than 3,000 patients, including 700 children with developmental problems. Those files also hold patient interviews, assessments, and for some, photographs and identity card numbers. A task force has been set up to investigate the thefts and develop ways to avoid similar data security breaches.

Monsters and Critics
The Standard

[Editor's Note (Schultz): A six month delay in notifying potential victims of identity theft is inexcusable. Until harsh punishments are handed out for such negligence, this kind of thing will continue to occur.]


This is becoming such a common problem that reports are being relegated to the back pages. Stolen or lost storage devices such as memory sticks, phones, portable drives and even laptops can contain critical and/or strategic information. Users in companies are demanding that their information be available to them from wherever they are. This means that payroll spreadsheets get downloaded to cell phones, business plans are saved onto memory sticks or server passwords are kept on iPods.

The IT department will never be able to roll back the tide of convenience that this brings, nor should they try to. What they should do is plan for disaster when devices with critical data are lost, even in the event that the loss is not reported.

Start implementing a policy that ensures that data on mobile devices is secured. Software like TrueCrypt can secure devices under Windows, OS X and Linux. Simultaneously, develop a password storage policy to deal with the initial tide of lost or forgotten passwords for encrypted devices. Password management software will help immensely with this task.
