Vineyard Victim To Computer Theft and Possible Information Security Breach
J. Lohr Vineyards and Wines notifying the Attorney General’s office in New Hampshire that two computers were stolen from their office at company headquarters. A reconstruction of the computer data showed that one of the computers contained the names and Social Security numbers of J. Lohr employees.
A copy of the letter to be sent affected employees, filed with the New Hampshire AG, opens with the following: “… recognizes the importance of safeguarding its personnel information. Even the most rigorous safeguards, however, can not guarantee protection against criminal conduct.”
This is a true statement; however, the truth comes in a variety of shades. Could J. Lohr have done more to prevent their computers from getting stolen? Absolutely. If they had a platoon of armed Marines protecting those two computers, chances are they would be extremely hard to steal. Nobody could argue under such a scenario that the winery hadn’t done enough if someone had managed to steal the devices. It would also cost an arm and a leg for protecting what may retail for $1000. Not cost effective; not realistic. Plus, I’d imagine the mood wouldn’t be conducive to the romancing the wine with armed soldiers all over the place.
Everyone, be it a person or a company, weighs their options when it comes to making a decision. If you happen to be a small winery, and most of your assets are tied down—in huge, heavy oak barrels, for example—then chances are a locked door seems sufficient protection for your computers, especially considering that their monetary value is so small compared everything else the company owns. If your company deals with data and nothing else, then information security is at the top of your mind. Plus, who’d travel all the way through those open fields of grapes just to grab a couple of computers, right?
I think what the above quoted statement stems out of ignorance, not as in chicken‑brains but as in “they have no idea.” The fact is that there are certain cost‑effective things one can do to protect data that approaches the most rigorous safeguard that can virtually guarantee protection. Number one on the list is encryption, be it file or whole disk encryption, available via AlertBoot. Encryption of the hard disks found inside the stolen computers would have protected the information from being leached—say, to criminal organizations such as a data identity theft ring. It would be cheaper than hiring a security guard. Possibly cheaper than filing a letter with the AG (a lawyer was involved, right?), and definitely cheaper than signing up for credit monitoring and fraud alert for all affected.
Of course, encryption isn’t a panacea. For one, it can’t go after the perps if they’re caught red‑handed; you need a human or a robot for that. However, if a company regularly backs up data and uses off‑the‑shelf computers at their place of business, think of all the extra expenses and efficiencies one could save if they replaced just one on‑duty guard with encryption: Health insurance. Bonuses. Sick days. Donuts. Plus, encrypted data stays protected even if the perps get away.