US airport manager fired for trying to sell lost property laptops

[Jake Kouns <jkouns () opensecurityfoundation org>]

http://www.infosecurity-magazine.com/view/10851/us-airport-manager-fired-for-trying-to-sell-lost-property-laptops/

A transport security officer with Newark Liberty International Airport
in the US has been sacked for trying to sell a laptop from the lost
property office at the airport.

And, says Origin Storage, a storage systems integration specialist,
the case highlights the dangers associated with toting a laptop with
data that is in an unencrypted format on the machine's hard drive.

Andy Cordial, the firm's managing director, said that, whilst it is
worrying to hear about the moral failures of someone responsible for
airport security - including the safety of passengers as they travel
in the air - the sage sends a clear message to many laptop users that
still do not encrypt their notebook computer data.

"Although precise numbers are not available on the percentages of UK
laptop users that do not encrypt their data, a Ponemon Institute study
of early last year revealed that 56% of US business laptop users
disable or simply do not use encryption on their notebooks", he said.

"This leads us to believe that around half of the UK laptop-toting
business population are also not encrypting their notebook data, which
is very worrying when you consider the potential for a data breach
that could result - and, of course, the huge fines that the
Information Commissioner's Office (ICO) could impose for a businesses'
failure to protect its data", he added.

According to Cordial, the fact that the ICO has just published a code
of practice for securing data online is encouraging, and it is to be
hoped that the guidelines will encourage companies to mandate the
encryption of data on their employee's laptops.

But, Cordial said, he has his doubts as to whether the message on
securing data will get through, as the problem that many companies
face is that employees tend to use their own notebook computers for
work purposes.

And, laudable though this trend is, it makes the job of a company IT
manager all the more difficult, as it is often all but impossible to
extend company IT security defences and policies to a personal laptop
owned by a member of staff.

There are, he explained, all sorts of employer/employee issues that
arise in this situation, but supplying staff with a self-encrypting
laptop drive kits can solve the problem.

"The kits are an ideal solution to the problem of unencrypted data on
business laptops and, as the Newark airport sacking case highlights,
the risk of a data breach from a lost laptop are quite high", he said.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php