Cybersecurity isn’t just about securing the data on the network. It’s about securing the data anywhere on any endpoint, on any device, on any application. An incident from last week put the importance of endpoint security front and center. A Secret Service laptop with extremely sensitive information stored on it was stolen, as ZDNet explained:
A thief broke into a Secret Service's car in Brooklyn and stole the laptop in the middle of the night. Taken in a backpack that was later dumped, the laptop contains information about Trump Tower, including floor plans and evacuation protocol, along with important files on Pope Francis and [Hillary] Clinton.
Sources are reporting that there is no risk to the data stored on the laptop, as the device has high levels of security. The device requires a code to be accessed, the files are encrypted, and allegedly, there is a remote wipe option. Cybersecurity efforts within government agencies have not been at high standards, as we’ve seen with so many recent breaches and other security incidents, including stolen laptops.
A laptop left in a car isn’t just a national security concern. Leaving laptops, smartphones and tablets unattended is something that most individuals do at one point or another. Even letting a friend or family member borrow your phone could be a security risk for your company, if that phone is used as BYOD. The Secret Service theft is a reminder of how common the disappearance of our devices can be and the risks that are involved.
You may think that you don’t have anything to worry about because all of your company data is accessed via the cloud, and nothing is stored directly on the device. Fair enough . . . except, how well is that cloud secured? According to the 2017 Thales Data Threat Report, nearly two-thirds of security professionals admit that they are using technology like cloud computing without security solutions. In addition, a Symantec study found that companies use a lot more cloud applications than they realize. As eSecurity Planet explained:
The report, based on an analysis of more than 20,000 cloud apps, 176 million cloud documents, and 1.3 billion emails, also found that 25 percent of all files stored in the cloud are broadly shared (i.e. to the public, to the entire organization, or to an external third party). Among those, the report states, 3 percent contain compliance related data, including PII, PHI and PCI.
The uncertainty of the security of this data, whether stored on a laptop or in the cloud or elsewhere, is why I agree with a comment from Alertsec CEO Ebba Blitz. In an email, Blitz said:
The theft of a Secret Serviceman’s laptop containing sensitive information should be a wake-up call for everyone. This case illustrates the difference a complete IT security chain, including endpoint encryption, can make. It’s a difference between a national security threat versus a stolen piece of equipment.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba