What's it going to take to convince universities to implement better policies and practices such as USB device management, including encryption and approved devices only?
When will Ohio state government managers realize that the intern you're paying $10.50 an hour is not the ideal caretaker for an unencrypted backup tape containing the PII of all 64,467 state employees?
Say it with me, people. Encryption. Best practices. Policy. Standards. Easier said than done, I know. But here are the simple facts. We are data custodians. Management, systems administrators, security analysts...we are all data custodians, and we must take better care of the information we manage. It's not our information. It belongs to our students, our customers, our veterans.
"First, do no harm." Failure to protect the information in our care is doing harm, as much as the criminal who stole it.
Kudos to SC for The Breach Blog, but it's a shame we even need it.