Sunday, May 6, 2007

Don't Forget the Laptops

While it's easy to focus on the threats posed by hackers, simple physical theft should also be a major source of concern for anyone seeking to minimize the risk of unauthorized information access. As if to provide an object lesson on this point, the TSA (yes, the same people who make you take your shoes off when you need to board a plane) has reported that a lost external hard drive has put Social Security numbers and bank and payroll data for about 100,000 current and former employees at risk (see article here and the TSA's public statement here). This is exactly the kind of incident that a good security policy, designed with more than just hackers in mind, could have prevented. Indeed, the TSA's security policy ideally would have prohibited such sensitive data from being stored in unencrypted form on such an easily lost (or stolen) device. However, the TSA apparently either didn't have, or didn't enforce, such a policy and, as a result, they'll be paying for a year of free credit monitoring for potentially affected employees.

