Comments on: Boeing employee fired after laptop stolen

Company cites breech of policy requiring use of encryption software when sensitive information is downloaded.

[pinkrockafella]

Telecommute????

.........from a personal source, all Boeing telecommuters are to begin reporting to their nearest home office. Looks like "work from home" jobs are going to go Bye-bye..........

[macdaddybob]

Hope this is a trend

I'm so sick and tired of information being put on laptops that are then stolen. If everyone in the chain of command knew their job was on the line if this happened (employee, manager, IT manager, etc.), it would probably happen less. I don't even have that sensitive of information on my work laptop, which I take home, but always put it in the trunk and out of sight when I stop at the store "just for a minute." Smash and grabs happen too fast.

[davaal]

stolen... right

so a person with access to sensitive information, and who should have known better, DL'ed info and didnt use an encryption... lemme ask this: why did he download it to a laptop rather than something a little bit easier to secure?

or better yet

how much do ya think he was paid to download sensitive info to an unsecured laptop and leave it in his car?

[NRecob]

HEY X-FILES BURNOUT WHERE R MY FRIES?

"how much do ya think he was paid to download sensitive info to an unsecured laptop and leave it in his car?"

Amazing. Talkin about too many reruns of "The X-Files"...get a freakin life....not EVERYTHING is a conspiracy moron-wake up ;)

[robbtuck]

Don't leave it in the car!!!!

Duh.

[Commander_Spock]

FAKE SANTAS!

H.....mmmm..... Let's see, imagine NORAD'S Military Personnel downloading "highly" sensitive defense information on a loptop and getting that laptop stolen and falling into the hands of the "bad" guys - what then? Come on now BOEING, put on that thinking cap (a bit late for that - huh)!

[slickmachines]

The correct action

Boeing acted correctly in this situation. After two breaches of security it's time for Boeing to make an example of someone so that other employees finally understand the seriousness of this issue. And, no one should leave their laptop in the car, EVER.

[Kostagh]

What example are we talking about?!

The right example would have been to file charges for negligence and ask for civil compensations on behalf of all those in the list! Just put in 10 bucks for each and I guarantee no Boeing employee would ever "download" sensitive info on his laptop.
BTW... what the heck did he say he was going to do with it on the laptop?!

[Commander_Spock]

Simple Solution!

IBM's WorkSpace-On-Demand (WSOD) requiring no Hard Drive - Duh!

[randomandy]

good start

Yes! Finally a company gets beyond "we're really really sorry."

But I agree with others' comments. The added public step by all companies in such situations needs to be to let the world know the individual is being thoroughly investigated for possibly having done it deliberately.

[`WarpKat]

Monkey see...

It's almost a trend - you see one person do it, and then you decide to do it.

It's the mentality that, "this will never happen to me," that gets people into trouble, so they end up doing it anyway.

I think this is the right course of action for Boeing or any other company that allows users to take laptops home - fire irresponsible people.

The data on the laptops is what's important, not the laptops themselves.

Telecommuters should be forced to take a simple and instructive training course on the proper use of laptops - from how to access company networks to storage when on the road.

And just because you have a BIOS password on it doesn't mean it can't be reset.

[yo-jim-bow]

I've always wondered why ..

Why did this person need to have info on 300,000 people on a laptop? Was he going to do his Christmas Cards? Get set up for GirlScout cookie time?
I assume that Boeing has a server with this stuff on it, so why the need to lug it all home?

If I had my "company" laptop stolen, the swipers would have some quarterly reports and 20 CDs or so of music. And my grandkids photos.
I have, what they call, a VPN account, and the password is in my brain (with a paper copy in my sock drawer).
***!

[qwerty75]

it is amazing how often this happens

An idiot at my school decided to download sensitive faculty info on a flash drive on her keychain and took it with her. Of course it got stolen.

The stupidity of people never ceases to amaze.

At least some software companies are working on this problem. A company I recently interviewed with is developing software that does not allow downloading and transfer of data except under certain circumstances set by the customer.

It is sad that this sort of project is necessary, but as long as idiots and/or malicious employees exist it is.

[CancerMan2]

Who Owned The Laptop?

Did Boeing provide the laptop to the employee, or was it his own? If Boing provided it, then they should have ensured that it was configured with encryption by default. Notice that the story does not say that it was against Boeing policy to have downloaded the info, only that the info should have been encrypted. We are not getting the whole story here. Is this employee being scapegoated for a larger Boeing failure?

[Buzz_Friendly]

Boeing is the only one to blame

Because Boeing allowed the situation to happen if Boeing had simply followed some simple solutions. All hard disk should be fully encrypted using many free or retail packages available. Enforce policies to block USB drives, removable media etc. For a small or perhaps no fee at all Boeing could have saved itself money, attention, the employee (who by the way needs to know less about encryption and more about what they are paid to do) and last but not least peoples personal information. If I were the man atop Boeing the first person fired would have been the CTO.

[wbenton]

What kind of security is this?

Firing an employee for doing something he was capable of doing because of the access rights granted him.

Who granted him those rights? That is the person whom should be fired!

There is ONLY ONE WAY to strong security...

To start with, tie everything down and give NOBODY access to ANYTHING.

Then with certain need, have a request placed for ONLY the required access, minimally open up only what is required and for the time required. Ensure the time has a short deadline of a maximum of 3 months such that it gets reviewed every 3 months to see whether such access is still required or not.

A constant review of who has acces to what and whether it's required or not should already be ongoing... but apparently not.

But I still can't believe a Defense Contractor would have such lax security.

Fireing the guy won't keep it from happening again. Firing the current security management team WILL however give them one last chance to do things the right way if they get a good/new security team to replace the current so-called security team.

Walt

[dmm]

Fake data

I'm really tired of hearing that "the employee needed to have 100,000 employee records to test his program." Hasn't anyone ever heard of using fake data for testing? If you're capable of writing software, you should be capable of making fake data. No excuses.

[iZune]

It was probably an Apple laptop

Apple is so evil

[hobbesca]

wow thats insightful

clearly you are huge fan, any time you get a chance to shoot your
mouth off you do it. nice work buddy

[Gorditon]

Old fashioned way of stealing

I dont' know why the article mentioned he downloaded dangerous software. I mean, did it matter? The laptop was stolen. It's not like an installed Norton will electrocute a thief and stop him from putting his hands on the laptop

[MD525]

Misdirection...?

While I am glad Boeing took some action I think that this is a huge case of a scapegoat. Yes, of course there is culpability for the employee but he or she should not serve as the whipping boy for Boeing's mistakes. I would really like to see Federal Regulations that are set up to protect the Personal information would actually be enforced and punish the company. I think if companies would see the cost of their errors they would have more incentive to take the extra step to protect the information.

[mjd420nova]

Punishment fits the crime

I guess I'd be rather upset if I was the CIO and one of your vulnerable sources of info is now outside the company. What ever happens, if the corporate bosses have to answer up to either the feds, the public or shareholders, the the responible individual is no longer working for you. What possesses these people to take chances with vital info. The government does not have a monopoly on stupidity.