Weekend reports that the Ministry of Defence is investigating the theft of a laptop – together with a security key used to decode the data on the notebook – are jaw-dropping in the apparent lack of common sense they describe.
It’s one thing to have excellent encryption on a laptop, but it’s entirely another to have the security key – presumably a USB stick or similar – located along with the machine.
This smacks of lax security on a scale that is breathtaking in its crassness. There is little or no point in having encryption on a portable device if the authentication key is stored with the machine.
This is the encryption equivalent of leaving yellow sticky notes detailing user passwords on the edge of a PC monitor, and then wondering why the machine’s security is compromised.
Even if the computer is stored in a highly secure building, as appears to have been the case with the MoD laptop, there is still every chance that the machine can go walkabout. Rogue employees are rapidly becoming just as much a threat to the data of organisations as external hackers and malware.
The fact that the laptop was stolen from the MoD’s headquarters in Whitehall, and appears to be one of several similar thefts from the building, is extremely disappointing. If the MoD can’t vet its own staff and stop these thefts happening – and also fails to instil in its staff an understanding of why and how security systems operate – then what hope is there for civilian organisations?
To say I’m gobsmacked is an understatement. This is one of the worst lapses in government security since the infamous loss of the two child benefit disks containing the records of millions of UK citizens in late 2007.
For more on the MoD encrypted laptop fiasco: http://bit.ly/5L8yT7