Security 101

6:00 PM -- Are you as outraged as I am over the theft of personal information regarding both employees and customers from notebook computers? If not, you're not paying attention. While I think the chance of identity theft or similar malfeasance from these incidents is low for any given individual, it is going to happen. And there's no reason it should. In fact, I'm left with one (OK, two) fundamental questions: Who writes this code, and how on earth did they get into computing? And what kind of IT manager allows this to happen?

To me, this is security 101 stuff. Here's how to deal with it: (1) Encrypt all sensitive data wherever it is stored; (2) Allow access to this data only by authorized users using strong, two-factor authentication; (3) Make sure the data only appears in the clear to authorized users, and never while being transmitted. VPNs are wonderful and not all that complex.

My second remedy would be put into action in the event my personal information is ever compromised due to utter stupidity or incompetence: I'm going to sue the bastards, and I'm going to invite all of you to join the class. The penalties for this kind of rubbish apparently just aren't strong enough. Since the costs to implement adequate security for any mobile data aren't all that great, there are simply no excuses. And it's time to insist that those who don't know how to build secure solutions find another job.

— Craig Mathias is Principal Analyst at the Farpoint Group, an advisory firm specializing in wireless communications and mobile computing. Special to Unstrung
