A few weeks ago FEDEX mislaid CD's containing 130,000 people's patient data - Gotcha? the data wasn't encrypted. The disks disappeared from a weekly shipment from Siemens to the Lincoln hospital in New York via FedEx. Data included social security numbers, address and even driving licence information, as well as medical records.

 

It's interesting, and probably very common, that everyone sending the data thought it was ok not to encrypt such sensitive records, presumably as couriers are seen as such a great and safe way to send things.

 

If you're sending sensitive files, before you burn them to disk, encrypt with tools like truecrypt or WinZip. If you do it properly, and your data is lost or stolen, no-one can read it.

 

If you're using WinZip, the key thing is to use the latest version with AES 256 encryption, and to protect against password crackers by using a horrific password, following these guidelines from Dave Whitelegg:

1. At least 12 characters in length
2. Be random not contain any dictionary, common words or names
3. At least one Upper Case Character
4. Have at least one Lower Case Character
5. Have at least one Numeric Character
6. Have at least one Special Character e.g. $,£,*,%,&,! 

 

Or just send the data securely online!

 

Links:

The story http://www.computerworlduk.com/management/security/cybercrime/news/index.cfm?newsid=20908

 

Great article on how to choose passwords and encrypt files using winzip -  http://blog.itsecurityexpert.co.uk/2008/01/winzip-encryption-password-security.html