RSS Alerts

Related Links

Related Stories

  • Comment: Who can you trust with your organization’s information?
    Martyn Smith of Logically Secure looks at a number of high-profile breaches of data security and their underlying causes. He also examines how organisations passing on valuable data to third parties can assure its protection and better understand each other’s security without relying only on trust or intrusive inspections
  • RAF data loss included sensitive vetting data
    The Ministry of Defence (MoD) has omitted information that the theft of hard drives in September 2008 with data on RAF personnel also included highly sensitive RAF vetting records.
  • A breach a day will keep the patients away - information security in the health sector
    The NHS web is made up of different management structures, different information security needs, and different budgets. Cath Everett looks for a medicine that will cure information security worries across the healthcare board
  • What’s in store for 2010?
    The Noughties are behind us now, but memories of a decade of data breaches will continue to haunt the infosec professional. If only there was a way of knowing what the threat landscape would look like in the months to come. Well you’re in luck as Davey Winder has dusted off the crystal ball and spoken to a broad church of infosec professionals to get some informed predictions for 2010
  • Comment: Securing the mobile workforce and your company's data
    Andy Cordial of Origin Storage provides tips for organizations seeking to secure data in a world where mobile tools are quickly becoming primary devices for employees.

News

Encrypted MoD laptop stolen – along with encryption key

14 December 2009

The UK Ministry of Defence says one of its encrypted laptops was stolen from its headquarters in Whitehall, central London in November – along with the laptop’s encryption key.

The laptop was reported by the BBC to be the latest in a string of thefts involving MoD laptops. Over the last four years, the MoD has reported 658 stolen laptops.

Credant Technologies called the fact that the encryption key was stolen alongside the encrypted laptop “jawdropping”.

“It’s one thing to have excellent encryption on a laptop, but it’s entirely another to have the security key – presumably a USB stick or similar – located along with the machine”, said Sean Glynn, the endpoint security specialist’s product manager.

“There is little or no point in having encryption on a portable device if the authentication key is stored with the machine”, he added.

Glynn pointed out that although the encrypted MoD laptop was stored in a highly secure building, it can still go on walkabouts with rogue employees.

“To say I’m gobsmacked is an understatement. This is one of the worst lapses in government security since the infamous loss of the two childe benefit disks containing the records of millions of UK citizens in late 2007”, Glynn concluded.

Check Point’s regional director for Northern Europe, Nick Lowe, echoed Glynn’s concerns that the encryption key was stolen along with the MoD laptop, making the encryption worthless.

“This highlights a vital issue in IT security practice: never, ever leave a password, encryption key or security token near the computer it protects. Even if that computer is inside a highly secure building, there’s still a risk that a curious, or disgruntled, colleague could access the PC and data – so the security key must never be left where it could easily be found”, he said.

 

This article is featured in:
Data Loss Encryption Public Sector

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water