Government workers and their unsecured technology devices

Data security breaches - laptop and USB

This blog addresses the issue of confidential government information and data being lost after being taken by trusted personnel out of Government offices

 

With dependencies on technology, we have all started using mobile phones, laptops, tablets etc. as a means of communication. Threats of malware and viruses attacking our devices have been investigated in depth and are still a hot subject of research and investigation. However, what hasn’t been discussed are ways in which to eliminate unauthorised access to a device that arise when a government worker loses a device in their possession which contains confidential information.

Over the last several years, there have been a number of cases reported in the United Kingdom where Government workers, authorised personnel or sub-contractors of government agencies have lost, had stolen or left their technology devices, including Laptops, memory sticks and external hard drives on public transport, in car parks, fast-food chains or from military sites.

All the devices that went missing contained extremely highly sensitive and Top Secret data. In one particular case, an authorised person lost a memory stick containing the medical records of more than 6000 prisoners and ex-prisoners. The data was encrypted, however the password was written on a note which was attached to the memory stick.  In July 2008, the Ministry of Defence confirmed that 121 computer memory sticks 747 laptops have been lost or stolen in the previous 4 years.

Although the loss or theft of these devices is difficult to control, biometric solutions such as PalmVein can help to eliminate unauthorised access to the sensitive and Top Secret data that these devices hold. By using a palm scanner, authorised personnel are able to log-in to the devices without the need for passwords. The palm scanner is also used as way to open certain government related applications or even documents that are password protected without the need for a password. The biometrics scan of a personnel’s palm acts a single sign-on mechanism. Each sign-on to a device is recorded for auditing purposes. This is especially important if there are multiple authorised personnel accessing the same device. Any unauthorised personnel trying to access the device will also be recorded for future auditing. This method on access a device eliminates the need to use password.

With advancements in technology, many laptops and mobile phones nowadays have a biometrics enabled security access option, in the form of a fingerprint scanner. Although this is a secure method, it is not always the most accurate and is prone to flaws. If, for example a person is trying to access his own laptop using fingerprint recognition technology, any changes in his fingerprint, such as cuts or a worn-away finger-tip (due to burns or prolonged use of keyboards etc), will deny this person access to the device.

The palm vein technology is a highly secure and contactless biometrics solution that works by reading the vascular pattern of the palm. These patterns are unique to each individual and exists underneath the skin layer so they cannot be forged thereby making it more secure than any other biometric device. Being contactless and technologically advanced, it is extremely appropriate for use by end customers as well as for bank employees where security cannot be compromised.

WCT is in the business of Compliance, Identity & Security assurance. For more information, you can reach us on (globalsales@wct-inc.com)

 

References:

BBC (2009, May). Previous Cases of Missing Data. Retrieved from http://news.bbc.co.uk/2/hi/uk_news/7449927.stm

House of Commons Defence Committee (2009, March). Ministry of Defence Annual Report and Accounts 2007-08. Retrieved from

                http://www.publications.parliament.uk/pa/cm200809/cmselect/cmdfence/214/214.pdf

 

 

Advertisements