What happens when you have an unlocked door at the home of and employee at the top U.S. nuclear weapons laboratory? How about 3 stolen computers with yet to be disclosed data, that was said to be non-classified. We hope. Were the computers stolen to be resold for crack? Or for nuclear weapons secrets? We may never know. Or we may find out the hard way.
At the Los Alamos National Laboratory in Santa Fe New Mexico dozens more (67 total) systems are currently listed as missing. Officials are conducting a full review of the lab’s policies and procedures governing the use of official computers at employees’ homes.
Situations like this are common in every industry with every conceivable form of data. We just wish it wasn’t data from a nuclear weapons facility.
Its important to point out that the facility has as many as 40,000 computers including desktops, laptops, PDAs, printers and so on. Do the math, less than a .25 percent lost or stolen. The lab has been documented at a better than 99.5 accountability rate.
We know there is no such thing as 100% security whether protecting from hardware or data thieves. Security is an ongoing, never ending, consistent, on your toes, don’t let your guard down, vigilant process.
And its not just criminal hackers causing big problems, lowly burglars looking for their next bag of dope stole a laptop computer from the home of a government employee containing 26.5 million Social Security Numbers, a US primary identifier. This $500 laptop cost millions.
Can you say your organization has a 99.5% success rate?
What policies do you have in place to foster a security minded culture? Here are just a few bullets as examples for you to add too.
# Cover all organizational systems used for processing, storing or transmitting personal information.
# Security risks faced assessed in the development of the policy
# Cost-effective measures devised to reduce the risks to acceptable levels
# Monitored and periodically reviewed.
# Staff and management made aware of the protective security policies and how to implement them.
Robert Siciliano discussing another hack Here