The laptop was left unattended during the trip, and it is believed the content was copied at that time, reports said.
Since December, the U.S. Computer Emergency Readiness Team (US-CERT) has been called in to work on Commerce Department computers at least eight times; three of those calls were allegedly in response to possible data security break-ins.
The incident is under investigation.
The Office of Management and Budget (OMB) has issued mandates that all government laptops should have disk encryption and requires the use of two-factor authentication for remote access, said John Pescatore, vice president and distinguished analyst at Gartner.
“If the secretary of commerce had these installed on his laptop and if he was not logged in when the laptop was left unattended, the damage would be minimal -- no information loss would have occurred and no useful passwords could have been obtained,” Pescatore told SCMagazineUS.com on Monday.
If the laptop was not encrypted and/or if the Commerce Department does not use two-factor authentication for remote access, he added, then very serious compromises could have occurred, including: All files and email messages could have been exposed; malicious software could have been installed; all reusable passwords could have been compromised and if remote access to Department of Commerce systems were performed during the unattended period, much deeper compromises could have occurred.
“This is why encryption, login timeout timers and two-factor authorization is so important,” he said.
A department spokesperson could not be reached for comment.
See original article on SC Magazine US
_(36).jpg&h=140&w=231&c=1&s=0)
Cyber Resilience Summit
iTnews Executive Retreat - Security Leaders Edition
Huntress + Eftsure Virtual Event -Fighting A New Frontier of Cyber-Fraud: How Leaders Can Work Together
iTnews Cloud Covered Breakfast Summit
Live & Hands On Demo: Navigating the BMC AMI DevX Platform to Understand Code Faster Using AI
_(1).jpg&h=140&w=231&c=1&s=0)
