Boeing announced last week it fired an employee who it said violated company policy by downloading sensitive information onto a laptop without using encryption technology. Boeing took the action after learning the laptop, which contained personal information about 382,000 Boeing employees and retirees, had been stolen from a car. The theft of the laptop put those whose information was on the machine at risk for identity theft.
The theft marked the third time in roughly a year in which a laptop containing sensitive personal information about Boeing employees and other individuals was stolen. A laptop stolen in April contained personal information on about 3,600 people, and one stolen in late 2005 contained information on 161,000.
.........from a personal source, all Boeing telecommuters are to begin reporting to their nearest home office. Looks like "work from home" jobs are going to go Bye-bye..........
I'm so sick and tired of information being put on laptops that are then stolen. If everyone in the chain of command knew their job was on the line if this happened (employee, manager, IT manager, etc.), it would probably happen less. I don't even have that sensitive of information on my work laptop, which I take home, but always put it in the trunk and out of sight when I stop at the store "just for a minute." Smash and grabs happen too fast.
so a person with access to sensitive information, and who should have known better, DL'ed info and didnt use an encryption... lemme ask this: why did he download it to a laptop rather than something a little bit easier to secure?
or better yet
how much do ya think he was paid to download sensitive info to an unsecured laptop and leave it in his car?
H.....mmmm..... Let's see, imagine NORAD'S Military Personnel downloading "highly" sensitive defense information on a loptop and getting that laptop stolen and falling into the hands of the "bad" guys - what then? Come on now BOEING, put on that thinking cap (a bit late for that - huh)!
Boeing acted correctly in this situation. After two breaches of security it's time for Boeing to make an example of someone so that other employees finally understand the seriousness of this issue. And, no one should leave their laptop in the car, EVER.
The right example would have been to file charges for negligence and ask for civil compensations on behalf of all those in the list! Just put in 10 bucks for each and I guarantee no Boeing employee would ever "download" sensitive info on his laptop. BTW... what the heck did he say he was going to do with it on the laptop?!
Yes! Finally a company gets beyond "we're really really sorry."
But I agree with others' comments. The added public step by all companies in such situations needs to be to let the world know the individual is being thoroughly investigated for possibly having done it deliberately.
It's almost a trend - you see one person do it, and then you decide to do it.
It's the mentality that, "this will never happen to me," that gets people into trouble, so they end up doing it anyway.
I think this is the right course of action for Boeing or any other company that allows users to take laptops home - fire irresponsible people.
The data on the laptops is what's important, not the laptops themselves.
Telecommuters should be forced to take a simple and instructive training course on the proper use of laptops - from how to access company networks to storage when on the road.
And just because you have a BIOS password on it doesn't mean it can't be reset.
Why did this person need to have info on 300,000 people on a laptop? Was he going to do his Christmas Cards? Get set up for GirlScout cookie time? I assume that Boeing has a server with this stuff on it, so why the need to lug it all home?
If I had my "company" laptop stolen, the swipers would have some quarterly reports and 20 CDs or so of music. And my grandkids photos. I have, what they call, a VPN account, and the password is in my brain (with a paper copy in my sock drawer). ***!
An idiot at my school decided to download sensitive faculty info on a flash drive on her keychain and took it with her. Of course it got stolen.
The stupidity of people never ceases to amaze.
At least some software companies are working on this problem. A company I recently interviewed with is developing software that does not allow downloading and transfer of data except under certain circumstances set by the customer.
It is sad that this sort of project is necessary, but as long as idiots and/or malicious employees exist it is.
Did Boeing provide the laptop to the employee, or was it his own? If Boing provided it, then they should have ensured that it was configured with encryption by default. Notice that the story does not say that it was against Boeing policy to have downloaded the info, only that the info should have been encrypted. We are not getting the whole story here. Is this employee being scapegoated for a larger Boeing failure?
Because Boeing allowed the situation to happen if Boeing had simply followed some simple solutions. All hard disk should be fully encrypted using many free or retail packages available. Enforce policies to block USB drives, removable media etc. For a small or perhaps no fee at all Boeing could have saved itself money, attention, the employee (who by the way needs to know less about encryption and more about what they are paid to do) and last but not least peoples personal information. If I were the man atop Boeing the first person fired would have been the CTO.
Firing an employee for doing something he was capable of doing because of the access rights granted him.
Who granted him those rights? That is the person whom should be fired!
There is ONLY ONE WAY to strong security...
To start with, tie everything down and give NOBODY access to ANYTHING.
Then with certain need, have a request placed for ONLY the required access, minimally open up only what is required and for the time required. Ensure the time has a short deadline of a maximum of 3 months such that it gets reviewed every 3 months to see whether such access is still required or not.
A constant review of who has acces to what and whether it's required or not should already be ongoing... but apparently not.
But I still can't believe a Defense Contractor would have such lax security.
Fireing the guy won't keep it from happening again. Firing the current security management team WILL however give them one last chance to do things the right way if they get a good/new security team to replace the current so-called security team.
I'm really tired of hearing that "the employee needed to have 100,000 employee records to test his program." Hasn't anyone ever heard of using fake data for testing? If you're capable of writing software, you should be capable of making fake data. No excuses.
I dont' know why the article mentioned he downloaded dangerous software. I mean, did it matter? The laptop was stolen. It's not like an installed Norton will electrocute a thief and stop him from putting his hands on the laptop
While I am glad Boeing took some action I think that this is a huge case of a scapegoat. Yes, of course there is culpability for the employee but he or she should not serve as the whipping boy for Boeing's mistakes. I would really like to see Federal Regulations that are set up to protect the Personal information would actually be enforced and punish the company. I think if companies would see the cost of their errors they would have more incentive to take the extra step to protect the information.
I guess I'd be rather upset if I was the CIO and one of your vulnerable sources of info is now outside the company. What ever happens, if the corporate bosses have to answer up to either the feds, the public or shareholders, the the responible individual is no longer working for you. What possesses these people to take chances with vital info. The government does not have a monopoly on stupidity.
Google creates an animated doodle that features a boy, a girl, Google's search engine, and a jump rope. But might there be darker, more analytical, more troubling interpretations to this tale?
The Silicon Valley online payments startup grew by 1,000 percent last year and is hopeful it can repeat that level of growth this year. To do that, it's had to move away from its early friends-and-family roots and embrace small businesses.
Chamtech's spray-on antenna uses a nano material to provide a low-power boost to antenna range. The wireless-in-a-can product may some day bring an end to unsightly cell towers.
EnerG2 opens a plant to make an engineered carbon that will improve performance of energy storage devices and make storage for start-stop hybrid cars less expensive.
or better yet
how much do ya think he was paid to download sensitive info to an unsecured laptop and leave it in his car?
Amazing. Talkin about too many reruns of "The X-Files"...get a freakin life....not EVERYTHING is a conspiracy moron-wake up ;)
BTW... what the heck did he say he was going to do with it on the laptop?!
But I agree with others' comments. The added public step by all companies in such situations needs to be to let the world know the individual is being thoroughly investigated for possibly having done it deliberately.
It's the mentality that, "this will never happen to me," that gets people into trouble, so they end up doing it anyway.
I think this is the right course of action for Boeing or any other company that allows users to take laptops home - fire irresponsible people.
The data on the laptops is what's important, not the laptops themselves.
Telecommuters should be forced to take a simple and instructive training course on the proper use of laptops - from how to access company networks to storage when on the road.
And just because you have a BIOS password on it doesn't mean it can't be reset.
I assume that Boeing has a server with this stuff on it, so why the need to lug it all home?
If I had my "company" laptop stolen, the swipers would have some quarterly reports and 20 CDs or so of music. And my grandkids photos.
I have, what they call, a VPN account, and the password is in my brain (with a paper copy in my sock drawer).
***!
The stupidity of people never ceases to amaze.
At least some software companies are working on this problem. A company I recently interviewed with is developing software that does not allow downloading and transfer of data except under certain circumstances set by the customer.
It is sad that this sort of project is necessary, but as long as idiots and/or malicious employees exist it is.
Who granted him those rights? That is the person whom should be fired!
There is ONLY ONE WAY to strong security...
To start with, tie everything down and give NOBODY access to ANYTHING.
Then with certain need, have a request placed for ONLY the required access, minimally open up only what is required and for the time required. Ensure the time has a short deadline of a maximum of 3 months such that it gets reviewed every 3 months to see whether such access is still required or not.
A constant review of who has acces to what and whether it's required or not should already be ongoing... but apparently not.
But I still can't believe a Defense Contractor would have such lax security.
Fireing the guy won't keep it from happening again. Firing the current security management team WILL however give them one last chance to do things the right way if they get a good/new security team to replace the current so-called security team.
Walt
mouth off you do it. nice work buddy