[IP] Encrypt Data or Invite Disaster
Begin forwarded message:
From: "John F. McMullen" <observer@xxxxxxxxxxx>
Date: June 27, 2005 7:30:54 PM EDT
To: johnmac's living room <johnmacsgroup@xxxxxxxxxxxxxxx>
Cc: Dave Farber <farber@xxxxxxxxxxxxx>
Subject: Encrypt Data or Invite Disaster
From eSecurity Planet -- http://www.esecurityplanet.com/prevention/
article.php/3515811
Encrypt Data or Invite Disaster
By Steven Warren
In todays workplace, stealing information doesnt require a covert
Special Forces team: It is often done by an employee armed with a 5
GB USB flash drive. And your unsecured, unencrypted network invites a
hacker to compromise a server or workstation holding sensitive data.
But you dont have to be vulnerable. There are plenty of options
available today for securing/encrypting your data and many of these
options are just overlooked.
Consider in recent news the security breach where hackers obtained
access to more than 40 million credit card accounts. Could this have
been avoided?
Yes! If the data had been encrypted, we wouldnt have 40 million
people losing sleep.
In other news, Citigroup announced that 4 million consumer records,
stored on magnetic computer tapes, were mysteriously lost during a
shipment by UPS to a credit reporting agency.
Guess what? Those tapes were not encrypted. And the list of examples
goes on.
With this string of incidents, it is very clear what has to happen.
We must start encrypting our data. It is essential.
Options From Enterprise to Workstation
Encrypting your data does not have to be an expensive rollout like
moving from NT 4.0 to Active Directory. There are many types of
encryption, from complete encryption at the enterprise level down to
the often overlooked encryption of an individuals workstation. With
so many options, your perfect solution is surely available.
For example, MCI is now evaluating stronger security measures
following the theft of a laptop containing Social Security numbers
and names of 16,500 current and former MCI employees. The laptop was
stolen from the employees car. The computer was password protected
but there has been no comment on whether the data was encrypted.
I believe encryption is as important as a firewall. You wouldnt leave
your network unprotected by a firewall -- we all know thats as
foolish as just giving a hacker your enterprise or domain admin
password. Nor should you leave your sensitive data unencrypted;
encryption ensures that your data is secure.
But how, specifically, might encryption be useful to you?
When you send an email of sensitive information, encryption provides
security that no unauthorized parties have access to your data. If
your password is encrypted, it cannot be duplicated by anyone else so
it ultimately proves your identity when you sign on to a computer or
use a smart card or an RSA device.
When you sign an email with an encrypted signature, the email cannot
be changed or modified without changing the digital signature. Using
digital signatures provides you with proof that a document has not
been compromised.
Create and Enforce An Encryption Policy
Encryption can be used for email exchange as well as to encrypt
documents on your hard drive. Encryption is used when logging onto a
system, SSL connections on the web, and on anything that is sensitive
within your business model.
Just as you have a disaster recovery plan, you should also create an
encryption plan for your organization. Make it corporate policy to
digitally sign every email. Configure encryption over your remote
connections. Use encryption technology to encrypt the entire contents
of your hard drive.
With the amount of data being too frequently compromised, not having
an encryption plan for your company is security suicide. September 11
was the disaster recovery wake-up call for many companies who lost
everything because they didnt have a plan in place; many companies
quickly got their acts in gear after the fact to have disaster
recovery sites configured.
Not having an encryption plan may not quite stop you dead in your
tracks as failure to have disaster recovery did for some, but it
could cause your stock to fall, profits to decline, and peace of mind
to be shattered. Do yourself a favor and configure an encryption plan
for your company today.
Steven Warren is an IT consultant for the Ultimate Software Group and
a freelance technical writer. He has a forthcoming 'how-to' book on
VMware Workstation and holds
Copyright 2005 Jupitermedia Corporation
*** FAIR USE NOTICE. This message contains copyrighted material whose
use
has not been specifically authorized by the copyright owner. The
'johnmacsgroup' Internet discussion group is making it available without
profit to group members who have expressed a prior interest in receiving
the included information in their efforts to advance the
understanding of
literary, educational, political, and economic issues, for non-profit
research and educational purposes only. I believe that this
constitutes a
'fair use' of the copyrighted material as provided for in section 107 of
the U.S. Copyright Law. If you wish to use this copyrighted material for
purposes of your own that go beyond 'fair use,' you must obtain
permission
from the copyright owner.
For more information go to:
http://www.law.cornell.edu/uscode/17/107.shtml
"When you come to the fork in the road, take it" - L.P. Berra
"Always make new mistakes" -- Esther Dyson
"Any sufficiently advanced technology is indistinguishable from
magic"
-- Arthur C. Clarke
"You Gotta Believe" - Frank "Tug" McGraw (1944 - 2004 RIP)
"To achieve, you need thought. You have to know what you
are doing and that's real power." -- Ayn Rand
John F. McMullen
johnmac@xxxxxxx johnmac@xxxxxxxxxxxx johnmac@xxxxxxxxxxxxxxxxxx
johnmac@xxxxxxxxx johnmac@xxxxxxxxxxx
jmcmullen@xxxxxxxxxxxxxxxxx johnmac@xxxxxxxxxxxxxxx
ICQ: 4368412 Skype, AIM & Yahoo Messenger: johnmac13
http://www.westnet.com/~observer
BLOG: http://johnmacrants.blogspot.com/
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/