VA Security Breach the Veteran\'s Affairs Department

VA Security Breach

The Veteran's Affairs department has had several notable security breeches in recent years. In one 2006 incident, patient data was downloaded onto an unsecured laptop and stolen. Patient records at the VA were unencrypted at the time. "If data is properly encrypted there is no data breach. The device can be stolen but no data can be accessed" because the thief lacks the 'key' to decode the data (Johnson 369). But since the data was not encrypted, patient records could be easily downloaded onto an unsecured computer that was later removed by the thief.

However, simply encrypting data is not enough, since the person possessing the key can potentially steal the data. First and foremost, adequate screening of employees is essential -- individuals that have access to sensitive data such as Social Security numbers should have to pass the standards for at least minimum security clearance. Secondly, no non-approved computers should be allowed on the premises. Employees should have to work at approved computers with secure connections when handling sensitive information. If employees must work from laptops at home, they should have to log in to access encrypted data, and data access should be limited to only those employees who must access it as part of their work duties; it should not be generally accessible to all employees. The greater the number of employees that possess the information, the greater the risk of security breaches.

Workers must also be trained to be vigilant about potential breaches of security policy. A later 2010 breach of security was discovered by a nurse-scientist who reported suspicious activity. Employees may be hesitant to speak up unless they are actively encouraged by official policy and an organizational culture of openness. Respect for the need for security must become part of the organizational culture as a whole.

Essay 8: Security policies

Security policies are essential so both employees and the population the organization serves feel comfortable disclosing necessary data for the organization to function. If people feel reticent about disclosing their Social Security numbers to a government agency because they are fearful that their privacy may be compromised, the agency cannot perform to a high standard. Customers will be unwilling to offer their private data and credit card information if they do not believe the company has a secure website with encrypted data and limits on how customer information is shared. Highly-publicized breaches can be devastating for a company's reputation. Employees should feel as if their personal information is secure, in the company database.

Security policies also keep the organization running: malware has the potential to disrupt an organization's functionality for a long period of time, resulting in a loss of time and money. Employees are a company's first line of defense to prevent this from happening, by respecting correct security procedures such as not opening suspicious email, not engaging in unauthorized surfing, and being required to use secure, frequently-changed passwords.