Elena Hines reports:
A Southern Michigan Bank & Trust employee’s vehicle was burglarized and a laptop stolen on April 10. The bank says there is no indication of a data breach, but staff are doing what they can to protect customers.
“Once we became aware, we immediately took several steps to protect our clients,” said John Castle, SMB&T chairman and CEO.
The laptop — issued to an employee who needed to access the information on it to answer questions that came in after regular business hours — was password-protected, and “right now there is no indication any information has been breached,” Castle said.
The laptop’s contents included names, checking account numbers and social security numbers, but no personal identification numbers (PINs) or passcodes.
Well, okay, but why couldn’t there be full disk encryption on the laptop instead of just a password?
Read more on Three Rivers Commercial-News.
Why wasn’t the user set up with a secure line at home and a secure login to the server [so that the DATA need NOT be on the said laptop in the first place] and hence the DATA not STOLEN? As a network Analyst/Engineer this seems like a more secure and less irresponsible method of end-user setup to put in place, as well as placing less responsibility on the user overall. The user should know better in the future to always take the equipment into the house first before any other task.
I thought about that, too (secure login and no data on laptop), but the way they worded the “after hours” made me wonder if they had some config that would make the server unreachable after normal hours.