Coffeehouse Post

Single Post Permalink

View Thread: Autosave is unsecure - UK Government
  • User profile image

    , evildictait​or wrote

    2. Don't ever put data on laptops, or take laptops out of buildings (this makes it hard for the government employees to work from home, meet contractors etc, so there is a large cost associated with this. 

    It may be true for some of the data that gets lost (e.g. a laptop with security plans for a major event) that not putting it on a laptop would be an inconvenience, but there are many many cases of lost data (and it's not just the government that this happens to) where they leave behind a laptop or portable storage device that has a database of individuals' data on it. There is no excuse for this ever being on a personal computer. If they need to work out of the office they should VPN onto the corporate network and access the data remotely.

    I applaud encryption of the data, it's a step in the right direction. But, in the words of XKCD, "strictly speaking it's better than the alternative, yet someone is clearly doing their job horribly wrong". 

    EDIT: Of course, even on the server, the data should still be encrypted.