Tuesday, April 21, 2009

Stolen Laptop at the VA

1) The stolen laptop from the Department of Veterans Affairs reveals a number of security weaknesses in the agency’s system. Given that the VA is responsible for dispensing federal benefits like healthcare, pension, and disability to veterans, most of the information this agency deals with is personal, and thus inherently calls for high security. That level of security was not in place, however. One of the major security problems that led to a laptop containing private data being stolen was poor supervision. The data analyst who took this laptop home to work from there had not told his supervisor about his actions. Furthermore, this employee had taken laptops home with him several times before, unbeknownst to his supervisor. This points to a significant problem, namely poor supervision. The analyst reported the burglary to his supervisors, but those supervisors failed to tell the inspector general’s office. The inspector general became aware of the issue as a result of office gossip. Furthermore, the agency did not report the incident to law enforcement until two weeks after it found out about it. Even the FBI stated that if it had received the notice earlier, it would have been more efficient in identifying the culprit(s). Thus, there is a clear gap in communication within and among departments and agencies. Another problem is the lack of security on the laptop itself. The data was not encrypted and could easily be accessed by people who know what they are doing.

2) The management and organization problems stem from poor supervisors who are not aware of their employees’ actions, and who do not communicate well within their department. This became evident when it was later discovered that the data analyst who took the laptop home with him had actually done so multiple times before, without letting his supervisors know. It was decided that the data analyst did nothing illegal, but the mere fact that the supervisors were not aware of what was going on around them shows that something is missing in their authority. Furthermore, after finding out from the employee about the burglary, they failed to notify the inspector general, thus prolonging and worsening the process of protecting veterans’ private information. This lack of communication is a major contributor to the problem. Technology factors that contribute to the weakness revolve around the lack of encryption of the data on the laptop. The data is potentially easily accessible to someone who knows what he is doing.

4) In order to prevent these problems, the laptops should not be allowed to be removed from work property. They should, in fact, be stored in a secure area that is not accessible to just anyone. Supervisors should assert their authority and make sure that employees are not taking these laptops home or off work grounds. They should also make an effort to stay in the loop and remain cognizant of all occurrences around them. Another side to that is the necessity for them to be able to communicate with those above them and within other departments. Without communication, they will not be efficient. Monthly meetings would be a great start to keep the connections going. There should be a rule stating that incidents such as these must be reported immediately to higher authorities. Lastly (or rather firstly, for this is the most basic and important way to hinder any unwanted access to the data), the laptops should all be locked and encrypted so that even if they are stolen, it would be nearly impossible to make sense of what is discovered.
