[ISN] Federal data still vulnerable a year after VA laptop theft

From: InfoSec News (alerts@private)
Date: Mon Jun 04 2007 - 22:16:08 PDT


http://www.fcw.com/article102889-06-04-07-Web

By Richard W. Walker
June 4, 2007

A year after a laptop computer was stolen from the home of a Veterans 
Affairs Department employee, federal systems are still vulnerable, 
according to a study released today.

A Telework Exchange survey of 258 federal employees found that 13 
percent don't have encryption on their newly issued laptop PCs, compared 
with 11 percent in June 2006 before VA announced that the stolen laptop 
contained information on about 26.5 million people.

Sixty-five percent of the workers in the study said their agencies 
reinforced security policies after the VA incident, although fewer than 
half reported that their agencies provided them with additional training 
(48 percent) or updated encryption and other protection technologies (47 
percent). Moreover, 16 percent said their agencies didn't react at all to 
the incident.

The survey also revealed that although those who telework and those who 
don't have about the same awareness of their agencies' security policies 
(97 percent compared to 96 percent, respectively), teleworkers are more 
likely to have received training on data security, have encryption on 
their laptops and have antivirus protection on their work PCs.

According to researchers, nonteleworkers are the Achilles' heel of 
federal data security. Fifty-four percent of them said they carry files 
home and 41 percent reported that they log onto their agency's network 
from home.

These unofficial teleworkers are removing data from the office and 
working remotely in unauthorized locations, and therefore constitute a 
major risk in data security, researchers concluded.

Nonteleworkers represented 52 percent of the respondents in the survey, 
teleworkers 48 percent.

Researchers recommended that agencies audit and assess unofficial 
teleworkers; implement and update policies, training, and technology to 
reinforce data security policies; and make sure that all laptop and 
desktop PCs, regardless of whether the user is a teleworker or 
nonteleworker, have data encryption and security protection.

The survey, conducted last month, was underwritten by Utimaco, a data 
security firm.

