VA's M.I.A. Laptop Is Rescued -- Now What?
The Department of Veterans Affairs said late this week that it recovered the now-infamous laptop that contained critical data on 26.5 million veterans and other military personnel. Some of the sordid details of the laptop’s recovery have been revealed, but what remains floating in the incident’s wake are a lot of questions. Like, who stole it, how was it recovered, why isn’t anyone in police custody for stealing it, and was Chuck Norris in any way involved in the rescue mission? (One can only hope.)
Now comes the “good news / bad news” part of this saga.
Good News: It’s good that they found the laptop (especially considering that 82 percent of laptops that are lost or stolen are never recovered -- according to mobile security vendor Credant Technologies). It’s good that the VA’s claiming that the data appears untouched (says the FBI) and there have been no reports of ID theft among the 26.5 million veterans whose Social Security numbers were on that laptop (that would be a really bad group of Americans to screw over -- “Thanks for serving our country and possibly getting yourself killed for the good of our nation.... And, oh, so sorry about your liquidated bank accounts, bogus credit-card charges and bad credit rating for the rest of your life. God Bless America, and have a great July 4th!”). And, finally, it’s good that the VA chief said they will use this incident to fix the “deficiencies” in how they handle the veterans’ personal data.
Bad News: Now they’re actually going to have to fix the deficiencies.
Though this data loss had the potential to have been catastrophic, the VA certainly is not alone in its laptop-loss transgressions. Just last week, two laptops were stolen from a locked car belonging to an analyst who worked for the Federal Trade Commission. On the laptop was more than just the standard fare of your typical laptop theft and possible data breach, however. Included in the data were individuals' names, addresses, Social Security numbers, birth dates and, in some cases, financial account numbers, the FTC said. There have been so many similar incidents in both the public and private sector during the past two years, it’s getting hard to keep track.
Jim Nicholson, the Veterans Affairs Secretary, said that “we have to remain hopeful [that the veterans’ personal information has] not been compromised.” Wait. So now we’re accepting “we hope nothing bad will go wrong” as a legitimate info-security strategy and action plan? I hope not. It’s also interesting to note that on Friday news broke that the VA was now revealing two other data breaches in the past, and that its CISO submitted his resignation.
A legitimate and broader question, though, is what’s it going to take to stop more of these incidents from happening? In past articles, I’ve written about controlling the proliferation of mobile devices inside your company and creating enforceable security policies for corporate-owned devices. A policy that has some bite to it is a start.
Here’s the rub for IT and infosec folks, though. The potential for blunders such as these is only going to increase as workers demand more mobile computing options, and IT loads more data and corporate information onto those devices. A Forrester Research mobility report that came out in March said that right behind the number-one mobility challenge (security) was keeping pace with end-user demand. In turn, Forrester found that companies are adopting mobility devices faster than they had planned. And you know what that can mean? A shaky, chaotic mobile device management “policy” along the lines of, “Give ’em what they (meaning, users) want right now, and we (meaning, IT folks) will take care of provisioning questions, security fine-tuning and policy enforcement later (meaning, never).” And that’s not a good plan.
What do you think about all of this? And how are you managing mobility issues inside your company? Let me know.

