
AT&T Laptop Theft - Physician Heal Thyself?

Would you listen to a doctor who told you to clean up your act while he puffed on a cigarette and sipped scotch in the middle of the day? I wonder if AT&T customers will feel similarly about their managed encryption service after an AT&T laptop containing unencrypted personal data (including salaries and bonuses) was stolen from an employee's vehicle.

NetworkWorld gives details of the incident, including excerpts from an email sent to affected employees as well as a Q&A session. This isn't exactly the kind of buzz you'd like after launching a managed encryption service.

If network professionals don't follow their own advice, why would anyone else? I've argued that education is a key component of data loss prevention. AT&T seems to agree (from NetworkWorld):

Q8. How could this have happened?
A. This was a criminal act by an unknown person. AT&T is taking proactive measures to remind employees of the need to protect company property to avoid such incidents in the future.

Training complements, but doesn't replace, encrypting confidential data. And this one can't simply be blamed on "one bad apple" who didn't encrypt his/her laptop if there turns out to be a pattern of storing confidential information in unencrypted form on mobile devices. Saying there are policies in place isn't enough either. Writing policies is like wearing buttons with political slogans - it's the follow-through that really matters.


Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net