It seems that all manner of business, from the smallest home operation to a national initiative like NASA, is beginning to accept the need for increased security and encryption of devices. In late October, a laptop that was password protected, but not encrypted, was stolen from a car parked at NASA’s Washington D.C. office. Many people believe that a password is adequate to deter would-be hackers, but the truth is that a password is only the beginning of protection and the equivalent of a simple padlock on a door. According to the BBC, the device contained “sensitive personally identifiable information.” Depending on the nature of the theft, this sort of information from a government entity can prove to be disastrous. NASA has taken the initiative since the breach, keeping its employees vigilant against any calls from persons using the stolen NASA credentials.
Such a breach will force a business’s hand, making it reach out to its base and inform them if their personal information was affected by the breach. According to NASA, this may take up to two months. NASA’s track record with security breaches has been far from spotless, prompting the agency to act swiftly and proactively, now requiring either full disk encryption or sensitive file encryption, even going as far as decommissioning any laptops that aren’t protected after December 21st.
While it is comforting to some that NASA is finally taking strides to protect its assets, keep in mind that this particular incident solidifies Secure The World’s point about the education and empowerment of businesses’ employees. Even with encryption, a resourceful hacker can make his way through defenses eventually. Laptops should not be left in cars (especially work devices!), and care should have been taken to conceal the device at the very least. Also, securing the transmission of sensitive materials doesn’t just end at device encryption. Through instant messaging, email, backups and network shares, a veritable palette of opportunity is presented to deviants in the right circumstances. Email encryption, spam filtering and network monitoring will combat phishing and network sniffers, while educating employees will allow them to prevent the leakage of confidential information by carefully navigating their work environment.
Let’s not forget cellphones while we’re on the subject, as those mobile devices share an alarming number of confidential files without a second thought given to security. Businesses should require encryption and password protection, enabling the option to wipe the phone completely after 3 failed attempts at the password or if the phone is stolen. The ball is in NASA’s court. Let’s see how well they can protect it this time.