Couriers- “You are the weakest link!”

Tis the season to be greedy –at least that’s what a couple of New York City thieves thought the other night when they stole an entire 18-wheeler FedEx truck containing somewhere around $1M in valuables. What might go overlooked is the priceless corporate data that could possibly be on that truck as well. We constantly rely on couriers such as FedEx to securely ship all of our “data at rest-in transport”, but what measures are they taking to actually ensure those assumptions? If the breach blog has taught us anything, it’s that not enough companies are encrypting their laptop hard drives, backup tapes, etc”¦ and these types of attacks are still serious risks to our data.

As a security consultant, I repeatedly see and hear about these things going overlooked. From boxes labeled “Iron Mountain” sitting on empty loading docks, to Dell boxes waiting in the vacant hallways of shared office buildings, companies are constantly putting their data at risk at pickup and drop off areas. And I’m actually surprised we don’t see this more often, now even not-so-tech thieves can cash in on the action with these physical attacks. So what do we do? Require all couriers to upgrade to armor cars? Or maybe just spend the time and money now to upgrade your security policy and encrypt all data out of your control!