The Boston Herald reported a laptop “holding Social Security numbers of current and former staffers was stolen out of Greater Media’s Philadelphia offices.”
Greater Media is offering credit monitoring to the impacted individuals “if staffers sign up by the end of the year.”
Another example of a potential inside job? Certainly another example of the importance of implementing strong security for mobile computers and storage media.
* Implement policies and controls to prevent entire databases of personally identifiable information (PII) from being stored on mobile computers and storage devices.
* If PII must be stored on mobile computers and storage devices, require that it be encrypted.
* Have good policies and procedures for your own particular enterprise that are consistently enforced following internally published sanctions.
* Educate, educate, educate your users to ensure they know their responsibilities, the policies and associated requirements, and the associated sanctions for noncompliance.
Tags: awareness and training, encryption, Information Security, IT compliance, policies and procedures, privacy, stolen computer, VA incident