Posts by Dave Brooker

Smaller means more likely to be lost

This LG looks fantastic and the bit about Linux is wrong. Whatever you think XP plus 160Gb disk plus really lightweight etc means this will sell in spades. However the smaller it is the more likely it will be lost, left in a cab or pinched. It needs a data protection tool such as Backstopp to make sure all that 160Gb of data does not become somebody else's.

Criticism of the cost is daft because 3 (and all the others soon) are offering £450 against a data contract so to all intents and purposes it will be for nothing, in fact the retailer will make £100odd on the hardware alone so will market this with gusto. Phones 4 u are already doing it. No price complaint surely.

Remember, as Shaw Taylor said - keep it safe.

This is nothing new

Data deletion is what matters, not the retrieval of the hardware. Even if the police get it back the company that lost it won't be able to get their hands on it as it may be used as evidence. Mobile broadband through GSM/3G is a far quicker way to get to a device and as this is becoming increasingly popular tools such as Backstopp will get the job doen quicker.

Delete the data

Humans equal human error. It will always be the case so we should be able to react to disasters. Deleting the data of a lost device before somebody can get to the data must be the best way to go. Might have been tough in this case though because they don't even know if the laptop was lost.

People make mistakes but the gov thinks that procedures are enough

The government is completely complacent about data security. The civil servants don't care because the fall guys are always the ministers and they know for sure that they will always get another minister.

If at last we all accept that the involvement of humans could allow human error to creep in then this misguided belief that an occasional roilocking, some Swiss cheese procedures (holes) or even encryption tools are enough will be debunked and more care will be taken to use the increasing communications networks to locate devices and ensure that any data, encrypted, password protected or whatever is wiped out.

If this were to happen and proof to be available so the minister or a CEO or whoever could admit the human error but tell the world with absolute confidence that while the (cheap) device has gone the data has been vapourised then these stories would go away.

PS - I wonder whether the Daily Mail is going to run this story after last week's debacle there.

What about 'after the event' security?

If all organisations used a 'morning after' tool they wouldn't need to worry about encryption. Once a laptop is reported lost or stolen it can be located through the mobile phone network and the data deleted before the machine has even completed the boot sequence.

The thief has a blank laptop but so what, the owner has a report that states categorically that all the data was deleted, where and when. It can even triangulate and locate the laptop so if the police were interested they could pinpoint it on a map.

This could change the world

Face facts - people make mistakes

I struggle to understand why people can't just accept that human error exists in every sphere of life but especially with low paid, poorly motivated staff. We will never implement the perfect set of procedures that are perfectly adhered to.

Better to make sure that when something goes wrong we are ready for it. The Fire Brigade does it. They spend much of their time educating us about fire prevention but they don't refuse to put fires out because somebody got it wrong. They are ready and they act.

In data loss situations, especially on trackable hardware such as laptops, it makes sense to have your up front procedures and encryption programs but these are only reliable until one goes missing (they do in their hundreds). When that happens it is better to track it using the comms infrastructures that exist, delete any sensitive data and produce a report that proves all sensitive data has been scrapped. That way nobody gets fired and individuals can rest at ease.

OK, so the thief gets a piece of tin that he can sell in the pub but who cares? It's so cheap anyway that you can buy a new laptop, reinstall the latest image with data and get on with life.

Why can't we accept human error and be reactive as well as proactive

The majority of the fire service's activities are based around prevention rather than cure. This is perfectly sensible but there are still fires that they have to put out, people cut out of cars and cats recovered from trees.

There are all sorts of proactive ways to 'ensure' data security on computers or other devices but let's face it computers and their data are stolen. This can not be denied, all over the modern world. When this happens it is not good enough to blame a junior official or to dissect internal procedures. Somebody has to react. In the recent case of the HMRC disks then the police are now scraping around in landfills, hoping for the best. But with computers, in particular mobile computers, this needn't be the case.

A stolen laptop can be located anywhere in the world that there is a mobile phone signal (quite some estate) and before a potential data thief can start probing the contents the data can be deleted to US Department of Defense standards (seven sector sweeps). Surely this method provides a level of reassurance not previously available.

I have seen companies such as Virtual Network Partners who claim to be able to offer a similar service to this. There is more information at www.virtualnetworkpartners.eu

Human error is unavoidable

All the above points are very salient but the reality is that human error occurs no matter how stringent an organisation's policies are. Tools to stop access to sensitive data are all very well but the really smart baddies will get round them.

Also, all the comments talk about customer or patient records as sensitive data but these are the crown jewels. Any laptop, professional or personal will have something on it that will be deemed to be sensitive, perhaps an e-mail or even a letter to a client confirming the contents of a meeting.

Far better would be to accept human error and adopt tools that react to them. If a laptop goes missing why not wait for it to wake up and then delete all data on it, as it boots. By the time the crook has got past the password he is confronted with a blank PC. The organisation that lost it has a report confirming the delete, where and when so there is no need for fines and negative publicity can be avoided.