Encrypted MoD laptop stolen – along with encryption key

The laptop was reported by the BBC to be the latest in a string of thefts involving MoD laptops. Over the last four years, the MoD has reported 658 stolen laptops.

Credant Technologies called the fact that the encryption key was stolen alongside the encrypted laptop “jawdropping”.

“It’s one thing to have excellent encryption on a laptop, but it’s entirely another to have the security key – presumably a USB stick or similar – located along with the machine”, said Sean Glynn, the endpoint security specialist’s product manager.

“There is little or no point in having encryption on a portable device if the authentication key is stored with the machine”, he added.

Glynn pointed out that although the encrypted MoD laptop was stored in a highly secure building, it can still go on walkabouts with rogue employees.

“To say I’m gobsmacked is an understatement. This is one of the worst lapses in government security since the infamous loss of the two childe benefit disks containing the records of millions of UK citizens in late 2007”, Glynn concluded.

Check Point’s regional director for Northern Europe, Nick Lowe, echoed Glynn’s concerns that the encryption key was stolen along with the MoD laptop, making the encryption worthless.

“This highlights a vital issue in IT security practice: never, ever leave a password, encryption key or security token near the computer it protects. Even if that computer is inside a highly secure building, there’s still a risk that a curious, or disgruntled, colleague could access the PC and data – so the security key must never be left where it could easily be found”, he said.

What’s hot on Infosecurity Magazine?