Encrypt your backups … or else!

February 2, 2006 by
Filed under: Uncategorized 

ITworldCanada reports: “Backup data on 365,000 patients stolen from car”

About 365,000 hospice and home health care patients in Oregon and Washington are being notified about the theft of computer backup data disks and tapes late last month that included personal information and confidential medical records.

The tapes and disks were taken home by the employee as part of a backup protocol that sent them off-site to protect them against loss from fires or other disasters.

It’s still common practice in many organisations (especially smaller companies) to allow/encourage the IT staff to take backups home instead of using professional, secure storage. I used to do it, but times have changes and companies just can’t afford the risk of tapes “going missing” – whether they’re lost or stolen, it’s a security concern (even if it isn’t personal data) and doesn’t reflect well on the organisation.

The data on the tapes was encrypted, Walker said. The data on the disks was in a proprietary file format that was not encrypted, but “is stored in a way that would make it difficult, if not impossible, for someone to access it, then make any sense out of it,” he said.

Was it or wasn’t it? I suspect it wasn’t and the “proprietary file format” is probably just a plain text file that any twelve year old could interpet in under an hour.

Encryption software isn’t cheap, but if you don’t invest in your infrastructure you can expect it to bite you eventually. Of course encrypting it won’t stop you losing a tape, but at least if one does go missing you can safely say that your customers’ data hasn’t been compromised.

…And no, the old adage of “any publicity is good publicity” isn’t true. :)

Tags:

Comments

2 Comments on Encrypt your backups … or else!

  1. paul on Fri, 3rd Feb 2006 10:04 am

    2. From the latest (print version of) ComputerWorld Canada, there’s a half-page piece on encrypting backups plus an interesting pie chart – the title is “Are companies encrypting data on backup tapes?” and the results are: 60% never(!!), 12% don’t know, 12% seldom, 9% frequently, and 7% always.

  2. paul on Fri, 3rd Feb 2006 10:07 am

    3. Aha! Here is the article online, but the pie chart isn’t included.

Tell me what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!