Reminder: Don't Be Like London Heathrow Airport and Lose a USB Stick Full of Sensitive Information
There's always a scene in spy movies where the daring protagonist is warned that "should this fall into the wrong hands, it would be catastrophic." "This" could refer to a weapon, a jewel of some sort, or information.
It wasn't a spy movie, but a USB drive containing a ton of valuable information regarding security systems at London's Heathrow airport, one of the busiest airports on the planet, was left on the street. Thankfully, it didn't fall into the wrong hands, but rather a Good Samaritan who reported it to authorities.
The USB stick, which contained 76 folders with maps, videos and documents related to the airport's security systems and procedures, ended up on the street. What's worse, it didn't require a password or any sort of identification, much less the two-factor authentication that a lot of tech-savvy businesses have implemented.
According to The Mirror, the guy who found the stick on the street plugged it into his computer and saw the following:
- The exact route the Queen of England takes to the airport, as well as security measures to guard her
- Files detailing every identification type, even the ones used by undercover police officers, used to access restricted areas
- Patrol timetables to prevent attacks
- Maps showing security cameras, and tunnels and escape shafts
- Routes and security plans for Cabinet members and foreign dignitaries
- Details of the airport's ultrasound radar system used to scan the runways and fence
When Heathrow officials said the stick's disappearance was a "risk to national security," they weren't exaggerating.
Oh, and for good measure, a security source gave The Mirror a very spy-movie-esque message:
"In the wrong hands, this would represent a profound threat in terms of terrorism or espionage," they said. "Aviation security is under a microscope because of the desire by terrorists to bring planes down in a spectacular fashion. Security services would not want this leaked or sold to hostile parties."
You can practically hear someone like Ralph Fiennes saying it, can't you?
But, joking aside, this is very serious. When such important information is stored on something as mobile and ubiquitous as a USB drive, it's imperative that two-factor authentication is used.
Heathrow could even have nifty little keys, like the ones used by Google, printed. Even if a USB device with crucial information falls into the wrong hands, you'd need that, too, to access it. Seems like a no brainer, right?
In any case, this is about as good a lesson as any that businesses of all kinds and sizes should be extremely careful—and train employees to be careful—when it comes to data security.