WNYT.com reports “the Social Security Administration in New York City says that 15,000 Social Security numbers were stolen by a subcontractor who was working in Office of Temporary Disability Assistance making computer infrastructure upgrades.”
In this case the culprit is a subcontractor and succeeded either because he had the contractor’s credentials/passwords and/or the files containing the SSN info weren’t encrypted.
The problem with protecting only with userid/passwords is well understood. Passwords are generally 123456 or otherwise easily cracked. Even if the password is a good one, chances are it is used on dozens of other sites that don’t do a good job of protecting it.
In this case the password gave a “good guy” access and he went rougue.
Some organizations think that deploying Full Disk Encryption (FDE) or File and Folder Encryption (FFE) provides them the desired security level. The point often missed is that even with Full Disk Encryption or File and Folder Encryption in place, users with correct credentials can access, copy, transfer/download to USB sensitive data without any problem.
I’ve said this before and I’ll say it again: Zafesoft can prevent such incidents from both of the above. Company administrators can remove access for a suspected malicious insider at any time and even if they have the physical file with them, it’ll be in encrypted format which they won’t be able to open.
Secondly, the Zafe technology travels with the information so they wouldn’t have been able to open the files even they were a legitimate user unless they were also using an approved laptop that has been registered and authorized with the company.
Moreover the moment they copied the data and tried to open it on a non-authorized laptop an alert would have gone to Company administrators alerting them of a possible theft and they could have prevented the incident from happening.
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.
- Should You Store Passwords In The Cloud?
It seems that almost every site on the web requires a password. At least twice a week, I get an email from someone who wants me to join yet another network, which requires yet another username and password. You can cop out and use the same username and password combination, but that’s just asking for
- Devising a Data Security Strategy
Whether you are an individual who games, a work-at-home employee, a family of four that shops online, a road warrior or even a small business, chances are you have data to protect—and so this all pertains to you. Fundamentals: Antivirus isn’t enough: A free antivirus package is good, but it might not update automatically—and you need your
- 7 ways to prevent Data Theft when traveling
The threat of data theft follows travelers; there’s never a vacation from hackers. So what should the traveler do? Anticipate snooping by hackers. This way, you can prepare for the worst. If you must bring a laptop, use it as a shell to access data remotely. Leave private information behind. If this is not possible, bring
- Protect your Data during Holiday Travel
You’re dreaming of a white Christmas, and hackers are dreaming of a green Christmas: your cash in their pockets. And hackers are everywhere, and are a particular threat to travelers. Prior to leaving for your holiday vacation, have an IT specialist install a disk encryption on your laptop if you plan on bringing it along; the
- Tips for backing up and protecting your data while traveling
The season of giving is now upon us — but don’t forget, it’s also the season of stealing — and no, I don’t mean your wallet or the gift package at your doorstep, but your Social Security number, credit card information, medical records and any other highly confidential information that you have stored on your
Leave a Comment
You must be logged in to post a comment.