You can't secure what you don't acknowledge.℠

Thursday, June 5, 2008

When handling sensitive encrypted data - don't just unencrypt it

Here's a prime example of just how encryption/change management/policies/whatever else mean nothing when someone makes a bad decision related to information security. Why was this sensitive information unencrypted when it was moved to a new system? Hint, Mr. Contractor: all it takes to easily re-encrypt sensitive data is something as basic as WinZip. If you have to decrypt it to use it... then just re-encrypt when you're done.

If you're ever caught in a situation where you have to decrypt sensitive information, either find an alternative method for encrypting when it's not in use or don't decrypt. It's that simple. Better yet, just encrypt your entire hard drive! There's no reason not to.
