December 19, 2003 (Computerworld) --
Bank Rhode Island's CEO said today that her IT department plans to install encryption and fraud-detection software on computers after a laptop containing the names, addresses and Social Security numbers of about 43,000 customers was stolen from its principal data-processing provider, Fiserv Inc. "We are making certain what limited information is on [the laptops] is encrypted. We don't think there's any sensitive information on them. But we're acting in an abundance of caution with respect to those laptops," BankRI President and CEO Merrill Sherman said. The theft of the laptop from Fiserv also prompted BankRI to install fraud-detection software on computers at its Providence, R.I., headquarters and branch offices, Sherman said. "This has reinforced heightened scrutiny around security. We're pretty comfortable with our policies and procedures," said Sherman, adding that she is also comfortable with measures Fiserv is taking to ensure that customer data theft doesn't happen again. Les Muma, president and CEO of Brookfield, Wis.-based Fiserv, said the data on the laptop was password-protected but not encoded. Muma said the theft was a result of a single employee not following company policy regarding the storage of unencrypted data on laptops. The data was being used in a test scenario. "Our internal policies are damn tight. It was a terrible mistake, and the individual has been reprimanded," Muma said, adding that law enforcement authorities investigating the crime are confident that it was simply a petty theft and the thief was unaware of the data. The FBI, the U.S. Secret Service and local police agencies are all involved in the investigation, he said. "We keep hoping the PC will turn up, but odds are it's been fenced for money." Sherman said that the laptop didn't contain personal identification numbers, account passwords, debit or ATM card information, or other financial data, and that fewer than 100 of its customers' account numbers were on the computer's hard drive.
BankRI, a wholly owned subsidiary of Bancorp Rhode Island Inc., has $800 million in deposits in 13 branches. The bank sent out letters to customers who could be affected by the theft, telling them that there is no risk to their bank accounts and giving them a hot line number to call if they discover any identify theft. Jerry Silva, a senior analyst at TowerGroup in Needham, Mass., said he wasn't surprised that sensitive customer information was contained on a laptop or that it was stolen, because more enterprises are trusting mission-critical data to third-party outsourcers and they haven't stopped to consider security issues around that decision. Silva said banks must begin thinking about data security in the same way the semiconductor industry treats cleanliness
From Laggard to Leader: Transforming the Data Center
From Laggard to Leader: Transforming the Data Center Register for this complimentary live webcast today! Go to the webcast
Computerworld Executive Bulletin: Building a Robust Antivirus Defense
Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs. (Source: MessageLabs) Antivirus software alone isn't enough to prevent today's speedy, sophisticated virus attacks. Security managers should consider multitiered approaches that include behavior scanning, appliances that check e-mail for worms, and restricting user access to dangerous Web sites. Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs, to learn more. Download this executive briefing
Online Security Issues in Regulated Industries
Download this research paper, free for a limited time, compliments of Webroot! (Source: Webroot Software) In June 2008, Computerworld invited IT and business leaders to participate in a survey on online security initiatives at their organizations. The goal of the survey was to better understand Web and e-mail security issues faced today within the regulated education, financial services, government and health care industries. The following report represents top-line results of that survey. Download this white paper
White Papers
Read up on the latest ideas and technologies from companies that sell hardware, software and services.
Security Management Zone
Security management is the process of developing a comprehensive data protection plan. It takes into account all potential threats, the existing network environment, the future needs of the organization, and lays out a multi-tiered blueprint to integrate the security technology needed to combat these threats. CDW can help keep your network and data secure.
Visit the CDW Security Management Zone nowSee All Zones
Fired up about IT?Join Sharkbait and share your true tales of IT. SharkBait is the place for you to sound off about everything IT the good, the bad, and the rest of the weird stuff you deal with every day.
In Security Stripping away the trappings of applications, systems and networks, information is the core asset of most organizations. Our columnist describes how asserting the importance of information governance is crucial to making that asset tangible, addressable and protected.
Click here to read the latest column by Jon Espenschied