I know. It’s crazy talk.
A backup drive forĀ one of Western Michigan University’s departments went missing. The school is not sure if the drive was stolen, or is just misplaced indefinitely, but it is notifying those whose personal data might be compromised should the data be accessed.
Here is the thing, though. If WMU had encrypted the data on its backup drives there would be no issue and no concern. Lost drive? No problem. Replace the drive and go on with life, comfortable and secure in the knowledge that the drive’s new owner can not possibly access the data it contains.
If it was some horrifically complex, costly, or cumbersome process, I could more easily understand why so many schools, hospitals, and other organizations fail at this one, simple thing. But, it’s not. It is simple, automatic, easy, and cost effective–significantly less than the cost of dealing with a data breach incident–to just put the right tools in place proactively and encrypt data on backup media.