What happens when you leave a laptop and backup tapes holding unencrypted sensitive customer data in your car? Simple–someone breaks into aforementioned vehicle and steals them–leading to a data breach affecting 300,000 customers.
Cord Blood Registry, the world’s largest stem cell bank, learned this lesson the hard way. Hopefully, your data is already protected–especially on laptops and backup media. If not, hopefully you will learn from CBR’s mistake and won’t have to go through the painful process of learing the lesson the hard way as well.
The lax data protection is a combination of a false sense of security, combined with being oblivious to the risk, mixed with a healthy dose of feeling like the solution is too complex or costly. CBR should have had policies in place mandating that data on laptops and backup media be encrypted to prevent exposure or compromise. More importantly, it should have had tools in place that simplifiy and automate that process so that data protection isn’t reliant solely on an individual user’s ability to follow that policy.