Cyber Security Today: Nov. 19, 2018 — Good news, bad news on encryption

Today’s podcast is about the good the bad and the ugly of passwords and encryption. Welcome to Cyber Security Today. It’s Monday November 19th. To hear the podcast click on the arrow below:

Cyber Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

Today I’m going to talk about recent password and encryption screwups. And they are screwups, because they put personal information about people at risk.

First up is the unprotected database of millions of text messages left open on the Internet. They’d been sent through a San Diego telecommunications company called Voxox. The database included password reset links, two-factor codes, shipping notifications and other information that could have read. According to the news site TechCrunch, a German security researcher discovered the database, which had been left on an Amazon cloud storage server. Now, many companies use cloud storage services from Amazon, Microsoft, IBM and others to temporarily store and process data, But employees have to be schooled that any company data that goes into the cloud has to be encrypted. Unfortunately there are many cases where staff apparently ignore the rule or think, ‘This data isn’t important.’ Unfortunately, they’re wrong.

Next up: A reason why organizations need to encrypt every storage devices that holds sensitive data: The city of Amarillo, Texas last week said an outside company doing a security payroll audit lost a flash drive with city employees’ names, addresses, bank deposit information, dates of birth, and social security numbers. Presumably an employee of the consulting firm had taken a copy of the data for processing on its own computer. Fortunately, the drive was encrypted. If the consulting firm used strong encryption, the likelihood of it being unscrambled by criminals is low. The news story doesn’t say what kind of a drive was used, but I assume it was one of those little drives the size of a finger. They’re easily lost, fall out of pockets, briefcases or backpacks. I attach the lanyards you get at conferences or a keychain to mine so they don’t easily go missing. Consulting firms who do this kind of work should think of using more expansive portable hard drives, which are the size of a small paperback. They won’t get easily lost. As for consumers, you should think about encrypting your flash drives if walking around with sensitive personal information on them.

Of course, having a company policy of encrypting a device doesn’t mean things are fine. For example, last week the FHN Family Counseling Center in Illinois acknowledged an employee’s laptop with sensitive patient data was stolen from their car. The center has a policy that all laptops have to be encrypted. However, due to a technical issue this one wasn’t. It isn’t clear if the issue was the employee’s fault, or a problem with the software. Now, the stolen laptop was password-protected. However, that isn’t protection enough. A poor password can easily be cracked. Meanwhile, the centre has re-encrypted all of its remaining laptops just to be sure.
What about just password-protecting your computer or drives? Depending on how short the password is, that may not be enough if you have sensitive data on it. You may need to encrypt them.
That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Podcasts or add us to your Alexa Flash Briefing. Thanks for listening.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

ITWC podcast network

Subscribe to ITWC podcasts and never fall behind on the conversation in technology again. Our daily podcasts are perfect to add to your smart speaker’s daily briefing or to your favourite podcast app on your smartphone. 

Cyber Security Today Podcast

#Hashtag Trending Podcast