Attention Kmart shoppers: Backup tape management in a firefight
Most companies know that they need to keep their hardware infrastructure safe. Backup tape management, file tracking, device monitoring and data quality control are all common methods of ensuring that the information infrastructure of a business is being kept safe. These kinds of solutions are all great for static resources, those that never leave the server or data center room, but what about devices on the move? What are firms doing to make certain that these tools are not lost or abused?
It would seem that many aren’t doing enough to protect these critical assets. Whether it’s complacency or a feeling of invulnerability, these firms are creating security measures only in parts of their data networks. They’re forgetting that physical tools are just as sensitive as the files they hold.
The Chicago Tribune reported that a Kmart in Arkansas was robbed at gunpoint. The robber cleared out the day’s take, including an unencrypted tape drive that held the pharmacy’s record of recent patients. That magnetic tape device contained the names, addresses, Social Security and credit card numbers of over 700 patients, and there was no encryption or password protection on it whatsoever. If the thief is lucky enough to have a friend in IT management or has some knowledge of how to get the right program to access the files, every person on that tape could be at risk for identity theft.
Stepping up safeguards
While this is an extreme case and most corporate data centers aren’t likely to be taken at gunpoint, it highlights the issue of portable data safety. This is not a threat unique to retail centers or armed robberies. Any company that transports physical data from one place to another, be it on tape, disk or USB thumb drive, needs to have a system in place for encrypting that information as soon as it hits the storage device. Many of these items are now manufactured with safety options onboard, but companies need to ensure protocols for management and handling are being enforced.
As the Huffington Post wrote, this is an essential step for every piece of corporate hardware that ever has a chance of leaving the office. Be it a laptop, tablet, smartphone or any other piece of technology, all of these items have an inherent value that makes them targets of theft. The data they contain is also very valuable, and those interested in getting to data will have an unlimited amount of time to try and crack into minimally-protected systems such as the one Kmart was using.