Cars Are Great for Securely Storing Computers and Sensitive Data…NOT!

Ever since computers went mobile, it seems people have been determined to use their cars as computer lockers, despite the fact that cars are a prime target for theft.  Computerworld reported (http://www.computerworld.com/securitytopics/security/privacy/story/0,10801,108101,00.html?source=NLT_BNA&nid=108101) today that on December 31, 2005 an employee of the Providence Health Systems reported computer backup tapes and disks containing information on 365,000 patients were stolen from his car at his home.  The data was not encrypted.  And, here’s the kicker, "The tapes and disks were taken home by the employee as part of a backup protocol that sent them off-site to protect them against loss from fires or other disasters."   Um…yeah…  Well, the spokeman for the healthcare system indicated that practice has now been stopped.

NOTE:  Cars are not secure storage locations for computers or storage media with sensitive data; not even if they are locked.

It seems it always takes an incident to convince some people that bad things can, and have, and probably will eventually, happen when you do high risk activities.

I believe the number of times computers and storage media get stolen from cars, within stolen cars, or from on top of cars (around 10 years ago the CEO of a large multinational company left his laptop on top of his car in the parking lot while he went back in the building to get something…surprise!  It was gone when he returned) is much larger than what is reported.  I know many risk managers have told me that when such incidents happen they write off the computer hardware/software loss with their corporate insurance coverage program, or sometimes tell the employee to file a claim with their home property insurance.  Most employees don’t do this because they do not want their insurance coverage to be impacted, and they also do not want to file a police report that most insurance companies require.

On May 23, 2005 it was reported (http://www.infoworld.com/article/05/05/23/HNmcidatastolen_1.html?DESKTOP%20SECURITY) that a laptop containing information about 16,500 current and former employees was stolen in April, 2005 from a car parked in the home garage of an MCI financial analyst.

NOTE:  Cars are not secure storage locations for computers or storage media with sensitive data; not even if they are locked.

Ameriprise Financial reported yesterday (http://www.twincities.com/mld/twincities/business/13712493.htm) that a company laptop containing clear text information, including names and Social Security numbers, for 225,000 clients was stolen from an employee’s car at an "undisclosed" location out of state.  What is even more disturbing about this is that the Ameriprise spokesperson, Andy Macmillan stated "We view this is a low-risk situation."

NOTE:  Cars are not secure storage locations for computers or storage media with sensitive data; not even if they are locked.

Technorati Tags


Leave a Reply