There's No Security Like Reactive Security
from the a-little-late dept
After a laptop with the personal information of millions of veterans and military personnel was stolen from a Department of Veterans Affairs employee, the agency's decided it would be a good idea to go ahead and recall all its laptops so their security software can be reviewed. The recall will be part of a "Security Awareness Week" announced by the department's secretary in the wake of the event, along with his call for strengthened federal penalties for individuals found to be negligent in their handling of personal information, adding that the department is in the process of firing the employee whose laptop was stolen from their home. While trying to make employees take more personal responsibility and making them realize they have a vital role in security would be beneficial, it seems a little misguided to make employees accept so much responsibility when their employers don't really have to worry about the repercussions of poor security. While the head of the VA's call for increased security and his intention to beef up are laudable, it's of little comfort to the 26.5 million people whose personal information was stolen. The guy calls this theft "the hundred-year storm" of data leaks, but the scale really isn't important, particularly to the people whose info gets lifted. It's almost as if he's saying if only 100 or 1,000 people's data were leaked, it wouldn't really matter, which is a completely irresponsible attitude -- or perhaps a lesson to thieves. Keep it small, and nobody will care. There have been enough previous data leaks that companies and government agencies should be well aware of the problem, and not waiting for it to break some random threshold before they decide to improve their security.