Theft of Veterans Data Shows Security Policy Gap

By Eric Lundquist  |  Posted 2006-05-23 Print this article Print

Opinion: IT execs need to make security a priority; user behavior is more important than product choice.

Now that the personal electronic information of 26.5 million military veterans has been stolen, it is time to revisit my column, "Lundquists Guide to Not Getting Fired for Losing Your Laptop," which I wrote in March. I followed that one up with a look at port security after the L.A. Times did an article on security breaches in Afghanistan involving stolen USB devices. The theft of the vets data sets a new record, I believe, for names and data lost by poor data management on a laptop. (There has been at least one bigger potential theft, according to a New York Times chart, but that was a hack into a credit card management company.) In the IT community, such data losses result in consternation over how much sensitive data is still traveling unfettered and unwatched on laptops and USB devices, or available for an easy download over a fast Internet connection.
For advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.
Why do these losses continue to happen? Is there simply a lot less common sense among executives and analysts than there should be? I dont know about common sense, but I do know that traveling about with large amounts of data simply becomes a lot easier as data transfer speeds increase and disk storage becomes limitless. While 26.5 million names, Social Security numbers and other data sounds like a lot, that database of information certainly contains a lot less data than that DVD of Star Wars. The day after the theft of the vets data took place, I was having a morning cup of coffee with two IT execs who are part of our Corporate Partner program. Their advice for other IT execs? Polices and procedures precede products in data security. The coolest encryption appliance wont do you any good if you dont know what needs to be encrypted. The hard work of writing a policy and the harder work of continuing to monitor and enforce that policy are what makes data protection plans work. Sorry, there is no quick fix to this problem, but it is an issue that should be at the top of your technology agenda. eWEEK magazine editor in chief Eric Lundquist can be reached at Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.
Since 1996, Eric Lundquist has been Editor in Chief of eWEEK, which includes domestic, international and online editions. As eWEEK's EIC, Lundquist oversees a staff of nearly 40 editors, reporters and Labs analysts covering product, services and companies in the high-technology community. He is a frequent speaker at industry gatherings and user events and sits on numerous advisory boards. Eric writes the popular weekly column, 'Up Front,' and he is a confidant of eWEEK's Spencer F. Katt gossip columnist.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel