Everyone fears losing their luggage or having a bag stolen while traveling, but few people would think that this stroke of bad luck could result in a data breach.
But that's just what happened to one University of Maine professor. The Bangor Daily News reports that the professor's laptop bag was stolen while traveling, potentially compromising Social Security numbers for 600 former students. The professor's laptop was encrypted, so why is the university concerned about a data breach?
As it turns out, the professor kept a record of student grades and other information on a media card plugged into the laptop. While the machine's hard drive was encrypted, the media card was not.
Though many aspects of the story are unique, two things are fairly typical:
- A well-meaning employee exposed data by using their own technology.
- Old technology and simple storage devices (like thumb drives) are liabilities because they often don't have the level of encryption and security required for commercial use.
2 Reasons Old Technology Can Pose the Biggest Threat
As an IT consultant whose job depends on staying current and being able to support the latest technology and software, you might forget that sometimes it's the old computers, software, and devices that pose the biggest threat to your clients' security.
Why should you be concerned about old technology? Two reasons:
- Old technology breaks or becomes obsolete and you need to take data security precautions when replacing and disposing of it.
- Older technology lacks the data security of more modern equipment.
Many businesses don't realize that when they toss out old computers, they could be exposing their company to a data breach. To combat that hazard, remember that data security is about the chain of custody. Throwing a hard drive in the trash is clearly a break in the chain of custody as businesses won't know what happens to the data on the drive after it leaves their office. Believe it or not, this carelessness has led to many data breaches.
The second hazard of old technology is more obvious: its data security is often spotty. Over the last 15 months, the spree of retailer data breaches has largely been facilitated by obsolete point-of-sale systems. As we reported last year in "End of XP Support from Microsoft Could Affect Retailers," most POS systems relied on a stripped-down version of Windows XP.
Just like the professor, a client's employee is probably using some of their own personal technology to do their job. The modern workplace is a jumble of technology. Your clients' employees show up for work with their own smart phones, tablets, and thumb drives. As we reported in "Survey: 88% of Us Laying Out the Welcome Mat for Hackers," the vast majority of employees use non-approved "shadow IT" at work.
The risks your clients have are often institutional. Their employees don't think twice about using an app or thumb drive to transfer data. They've never been taught that this is reckless behavior. For tips and strategies to help you educate employees about data security, check out our customer education kit. This free resource can help you dispel some of your client's misconceptions about their security.