Background check provider SterlingBackcheck recently began notifying 100,000 people that their names, birthdates and Social Security numbers may have been exposed when an unencrypted laptop was stolen from an employee’s car on May 29, 2015, CBS46 News reports.
“In addition to launching the ongoing investigation into this incident, we have implemented additional measures to mitigate against the risk that an incident like this will happen again by updating our encryption and audit procedures, revising our equipment custody protocols, retraining employees on privacy and data security, and installing remote-wipe software on portable devices,” SterlingBackcheck CEO Clare Hart wrote in a notification letter [PDF] to those affected.
All those affected are being offered two free years of credit monitoring and identity restoration services from AllClear ID. Anyone with questions is advised to contact (855) 227-9823.
The news comes soon after a survey of 1,001 U.S. adults, conducted in July 2015, found that 70 percent of respondents think it would be more risky to trust a company with their Social Security number than it would be to carry their Social Security card in their wallet.
The survey, commissioned by Citrix and conducted by Wakefield Research, also found that 69 percent of respondents think having their personal information stolen in their lifetime is inevitable, and 84 percent believe their personal information is more vulnerable now than it was a year ago.
“Getting to know employee needs, including when and where they need to access information and the tracking of user behavior enables companies to learn from desired behaviors and flag suspicious activity,” Citrix chief security strategist Kurt Roemer said in a statement. “Protecting enterprises and customers by encrypting data at all stages further reduces the attack surface.”
And that may finally start happening… soon. A separate IANS survey of 100 information security influencers and decision makers found that 84 percent of respondents have considered a security strategy of encrypting all data. Their reasons for doing do include preventing data breaches (66 percent), fulfilling compliance or audit mandates (54 percent), and protecting financial and other assets (53 percent).
The survey, sponsored by Vormetric, also found that 54 percent of respondents said their top challenge in implementing encryption is legacy technology and support for encryption. Other challenges include the cost of encryption technology (52 percent) and concerns about performance impacts (44 percent).
“Could encrypting everything result in a more simplified strategy for security technology, saving costs and improving security posture now and in the future? The idea is compelling, and the majority of security leaders we questioned felt that this could be a good idea,” the IANS report states. “Currently, IANS recommends that organizations look at encryption more strategically, potentially exploring an ‘encrypt everything’ approach now or in the near future.”
This eSecurity Planet article offers six tips for stronger encryption.