Coffeehouse Post

Single Post Permalink

View Thread: Autosave is unsecure - UK Government
  • User profile image

    , GoddersUK wrote


    It may be true for some of the data that gets lost (e.g. a laptop with security plans for a major event) that not putting it on a laptop would be an inconvenience, but there are many many cases of lost data (and it's not just the government that this happens to) where they leave behind a laptop or portable storage device that has a database of individuals' data on it. There is no excuse for this ever being on a personal computer. If they need to work out of the office they should VPN onto the corporate network and access the data remotely.

    I applaud encryption of the data, it's a step in the right direction. But, in the words of XKCD, "strictly speaking it's better than the alternative, yet someone is clearly doing their job horribly wrong". 

    EDIT: Of course, even on the server, the data should still be encrypted.

    But without encryption, the pagefile, any syncronised documents and the VPN keys are all recoverable Perplexed

    If you work for a company, and you don't have encryption on your work tablet/laptop then you shouldn't be allowed to take it outside. And even if you didn't want to ever take it outside, encryption won't hurt.

    Bitlocker everything, do it now. Now add two-factor auth and swipe access to your offices. Until you've done that, everything else is just pretending you've got security.