This thread in Fratching got me thinking about my department's take on novelty flash drives:
http://fratching.com/showthread.php?t=6743
Except, in our case, the "novelty" flash drive is a 4G Ironkey Enterprise flash drive. These things are not cheap. And EVERYBODY has to have them. It's like as soon as somebody's cube-neighbor gets one, they have to requisition one also.
Granted, they're truly leet for what they do. We don't resent the expense for the extra security they provide. I resent the fact that they are NOT BEING USED.
How do I know? By the password reset requests that I have to process! Thank goodness for the Enterprise version, though. The Personal version ironkey doesn't have an administrator function- and if you enter the wrong password 10 times, the encryption chip self-destructs. Poof, $150 bucks gone.
The gravy on this porkchop is that the reason we use encrypted flash drives is to help with HIPAA compliance. If a flash drive with Protected Health Care Information went missing, it could lead to a data breach. So if the drive is encrypted, no worries.
Except that my co-workers, who have been given Ironkeys, are using their own dang flash drives for most of their work! They complain it's "too hard" to use them, and "I can never remember the password". Duh, that's because you aren't using it! And you have lousy password discipline, see my other posts on this subject.
So WHEN they lose their personal flash drive, that may or may not contain Protected Health Care Information, they will be putting my boss's job on the line for a data breach. She doesn't deserve that! She's the only decent boss I've ever had! I can't lose her!
Plus, since they put the stuff on their own property, there's a certain amount of personal liability too. The last HIPAA data breach in the news affected about 4 people I know of. The lower-ranking people all lost their jobs. The supervisor had to do community service and pay around $50 K in fines.
At least now that we've been buying these things for a couple of years, we are stocked up. One of the managers and one of the section heads are retiring, so I have 2 flash drives to distribute, so my department isn't going to be dinged for buying new ones soon.
And since nobody actually uses them, they won't notice the drives are only 4G!
http://fratching.com/showthread.php?t=6743
Except, in our case, the "novelty" flash drive is a 4G Ironkey Enterprise flash drive. These things are not cheap. And EVERYBODY has to have them. It's like as soon as somebody's cube-neighbor gets one, they have to requisition one also.
Granted, they're truly leet for what they do. We don't resent the expense for the extra security they provide. I resent the fact that they are NOT BEING USED.
How do I know? By the password reset requests that I have to process! Thank goodness for the Enterprise version, though. The Personal version ironkey doesn't have an administrator function- and if you enter the wrong password 10 times, the encryption chip self-destructs. Poof, $150 bucks gone.
The gravy on this porkchop is that the reason we use encrypted flash drives is to help with HIPAA compliance. If a flash drive with Protected Health Care Information went missing, it could lead to a data breach. So if the drive is encrypted, no worries.
Except that my co-workers, who have been given Ironkeys, are using their own dang flash drives for most of their work! They complain it's "too hard" to use them, and "I can never remember the password". Duh, that's because you aren't using it! And you have lousy password discipline, see my other posts on this subject.
So WHEN they lose their personal flash drive, that may or may not contain Protected Health Care Information, they will be putting my boss's job on the line for a data breach. She doesn't deserve that! She's the only decent boss I've ever had! I can't lose her!
Plus, since they put the stuff on their own property, there's a certain amount of personal liability too. The last HIPAA data breach in the news affected about 4 people I know of. The lower-ranking people all lost their jobs. The supervisor had to do community service and pay around $50 K in fines.
At least now that we've been buying these things for a couple of years, we are stocked up. One of the managers and one of the section heads are retiring, so I have 2 flash drives to distribute, so my department isn't going to be dinged for buying new ones soon.
And since nobody actually uses them, they won't notice the drives are only 4G!
Comment