[ISN] Companies must physically protect data

From: mea culpa (jerichot_private)
Date: Sat Oct 31 1998 - 02:43:03 PST

  • Next message: mea culpa: "[ISN] `Hacktivists' of All Persuasions Take Their Struggle to the Web"

    Forwarded From: phreak moi <hackerelitet_private>
    Companies must physically protect data
    Sharon Machlis
    Mention computer security threats, and Internet hacking and password
    cracking come to mind. But at Levi Strauss & Co., sensitive data
    apparently fell victim to a screwdriver last month. 
    A hard disk containing the names, birth dates and Social Security numbers
    of thousands of employees was stolen from the apparel maker's San
    Francisco headquarters sometime in the past few weeks. Company officials
    don't know if the disk was swiped for its information or simply for the
    hardware. Officials had to warn 20,000 of the company's U.S. employees
    that their personal data may be in the hands of thieves. That information
    could be used to apply for fraudulent credit cards in the employees' names
    or to gain access to other information about them. Among the information
    on the stolen hard disk were bank account numbers of retired employees who
    opted to have their pension checks directly deposited.
    "If you have a stupid criminal, it's a $200 theft. If you have a smart
    criminal, you have a [potential] $200 million crime," said Ira Winkler,
    director of technology at the National Computer Security Association in
    Carlisle, Pa., and author of the recently published Corporate Espionage. 
    Levi Strauss employees have been advised to contact their banks and credit
    Theft of computers and components has always been a problem, but experts
    say companies need to pay more attention to safeguarding valuable data
    residing on their hardware, rather than just securing the physical
    equipment. Levi Strauss could quickly restore the data and buy a new hard
    disk. But notifying thousands of workers, sending out special information
    packets and setting up a toll-free hot line for concerned employees will
    cost considerably more. 
    "This is one of the things we've been trying to tell people for years," 
    said James Wade, director of fraud management at Airtouch Cellular Corp.
    in Columbus, Ohio, and past president of the Information Systems and
    Security Association. If a company has strong network security and
    password protection, "people will eventually figure out it's easier to
    pick up a screwdriver,"  he said. 
    Data on a machine can be worth substantially more than the hardware itself
    -- if the thief knows about it. For example, a laptop stolen from the
    British Defense Ministry in the early '90s had the entire Desert Storm war
    plan on it. The theft caused a furor among NATO allies, Wade said. But it
    is believed that data was never used and the computer was stolen simply as
    Patrice Rapalus, director of the Computer Security Institute in San
    Francisco, plans to survey members about what they do when a machine is
    stolen. She wants to know if they simply restore the data and get a new
    computer, or whether they check to see if the information would be
    valuable to an outsider. "Physical theft is not dealt with as best as it
    could be," she said. 
    "This happens a lot more frequently than companies report,"  Winkler said.
    "Every security manager I have ever spoken to tells me how they lose PCs
    on a regular basis." 
    Subscribe: mail majordomot_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:09:41 PDT