Well what can I say? We have written about this before and it seems no one listens. A company that works with the TSA and registers customer for the VIP (Verified Identity Pass) travel program lost a laptop. This contained 33,000 records of people who were on the VIP program. The laptop had two layers of password protection they say, it was in a locked office with security cameras. The laptop contained customer names, addresses, birth dates, and in some cases driver's license numbers, passport numbers or alien registration numbers. The laptop did not contain credit card or Social Security numbers, or biometric information such as fingerprints the company said.
"We don't believe the security or privacy of these would-be members will be compromised in any way," VIP CEO Steven Brill said in a statement. "But out of an abundance of caution, and in keeping with a policy of always leveling with our members, we wanted to issue this warning regardless of which state law may or may not require it."
I am sorry but WAKE UP MR.CEO and get with the program!!!!!!!!
If you lose someone's information such as address, birth dates and drivers licenses and you think that this is not a security breach that will affect customers? This is the problem we have with some C-Level executives in this world, not a clue when it comes to security. I would wonder if he is now taking this time to fire his CISO or CIO for this security problem and breach. Mr. Brill you need to encrypt every computer you have no matter where they are, also you need to put end point security on each computer to stop people from using USB or CD\DVD drives to burn information off the computer. I bet you did not think of that one.
The TSA requires Registered Traveler vendors to encrypt personal data, said TSA spokeswoman Ann Davis
The big question is with this major security breach what will the TSA do? They said VIP will be required to submit an independent audit, verifying that required security measures are in place. The TSA agency will verify the audits before VIP can resume its Registered Traveler program, Davis added. We think they should be fired as a agent, if you lost your information you would say the same thing. But the government is going to look the other way from what it seems if they can come back to be compliant.
VIP is also offering affected customers free identity theft protection, the company said. A little too late?
The point of this is to show what can happen if you do not take steps to encrypt all of your computers and put endpoint security on every computer. Pluto Networks is a partner with a major Full Disk Encryption Player and we talk to customer about this all the time, you would be amazed at the number of C-Level executives and network administrators who think they know more than us. I have heard it too many times; it will never happen to us, our computers are locked down through active directory. They have no clue.
So don't be the next headline, take security seriously and encrypt. If you have questions or need an evaluation of a product for your company please send me an email or post here.
Please tell us, does your company use a full disk encryption product and are you happy with it? If you are not using full disk encryption why?
Larry Chaffin Ph.D is the Chief Executive Officer/Chairman and founder of Pluto Networks, a Consulting and VAR partner specializing in WAN Acceleration, VoIP, WLAN, Telepresence and Security and a Riverbed reseller. Pluto Networks specializes in the needs of small, large and enterprise companies by always giving them a great ROI on the products they sell. Pluto Networks has a presence in 23 countries around the world enabling all of its consultants to be virtual. Larry was a Judge at Interop for the Best of Interop Awards for 2009 and is looking forward to the 2010 awards in Las Vegas.
Larry has also co-authored all of the books listed below:
Managing Cisco Secure Networks, Skype Me, Practical VOIP Security, Configuring Check Point NGX VPN-1/Firewall-1,Configuring Juniper Networks NetScreen & SSG Firewalls,Essential Computer Security: Everyone's Guide to Email, Internet, and Wireless Security, How to Cheat at Microsoft Vista Administration, Microsoft Vista for IT Security Professionals, Asterisk Hacking, 2008 VoIP and Video Conferencing, Infosecurity 2008 Threat Analysis and author of Building a VOIP Network with Nortel's MS5100, along with co-authoring/ghost writing eleven other technology books for VIOP, WLAN, security and optical technologies. Larry is currently working on a follow up to Building a VoIP network with Nortel's MCS 5100 Book as well as new books on Cisco Telepresence Networks, Practical VoIP case studies and WAN Acceleration with Riverbed.
Larry also has more than 29 vendor certifications and has been working on many others. Larry has been a principal architect around the world in 22 countries for many Fortune 100 companies designing VoIP, security, wireless and optical networks. He has expanded over time also to include application acceleration. Larry is working with worldwide company now out of Asia as a Special Assistant to the CEO and CIO as they go through organizational and network changes, helping them with strategic advice from his years or experience. Pluto Networks is a channel partner of Cisco, ProCurve, LifeSize, Riverbed, Call Copy, Fastsoft and Symantec.
The Leader in Network Knowledge
Nice ad for Pluto Networks.
Nice ad for Pluto Networks.