Feeds

The human factor in laptop encryption

Lock down the business managers!

5 things you didn’t know about cloud backup

Hardly a day goes by without news of some laptop containing sensitive information about customers or staff getting lost or stolen. The latest high profile example is the Bord Gais burglary in Dublin in which an unencrypted laptop containing the bank details of 75,000 electricity customers was stolen. Hilariously, Bord Gais told the people affected that "data security and laptop encryption is a major priority for us". More practically, it urged the names to watch out for their bank accounts.

Bord Gais is not uniquely incompetent in laptop security matters, as this week’s trawl of the Reg Library shows. Even when laptops are supplied encrypted, many employees will switch off encryption, in defiance of company policies.

Let’s explore this in a little more detail.

The human factor in laptop encryption

This white paper from Ponemon Institute on behalf of Absolute Software is based on a survey of UK business managers and IT security professionals. The results are compared with earlier surveys conducted in the US and Canada, all of which show that business managers are not to be trusted. [So we are paraphrasing, a little.]

A high percentage of business managers share passwords and do not use complex passwords, use a privacy screen shield, keep their laptop physically safe when travelling or lock their laptops to their desks to protect sensitive and confidential data. Also, many respondents believe that encrypted solutions make it unnecessary to take other security measures.

IT security practitioners, by contrast, are more diligent in all areas. Not news. More surprising is just how crap at this business managers are – even reckless. Remember a lot of these guys work in finance.

According to the report 50 per cent of business managers have turned off the laptop’s encryption solution. Thirty three per cent of those who turned off the encryption solution say that this violates company’s security policy and 27 per cent are unsure. Oh dear.

This is a good paper, with lots of bar charts and statistical caveats to keep you company.

Airport insecurity: The case of lost laptops

Ponemon Institute has carved a niche for itself with laptop security, as it is also the author of this paper sponsored by Dell. Laptops in airports are something of an interest here – ever since a US TSA agent dropped our laptop at security clearance and broke the casing. He got a colleague to question me about the laptop and held it in such a way that I could not see that it was broken, before prompting me to put it back in the laptop bag. Who says TSA staff are stupid? Not me. Clumsy, perhaps...

Ponemon rang up 106 big airports in 46 states to discover that Business travellers lose about 12,000 laptops a week in US airports. Not all, or even most, are stolen by airport staff – 40 per cent of losses occur at security checkpoints. But of the laptops that are found, just 33 per cent are reclaimed by their owner. The rest are sold off, leaving “potentially millions of files containing sensitive or confidential data that may be accessible to a large number of airport employees and contractors”.

For the paper, Ponemon Institute also interviewed 864 business travellers in the airport environment. And yes, they are concerned that they have confidential data on their laptops, and no, many of them don’t back this data up. And just one in five use disk-based encryption. The paper contains a commonsense checklist of dos and don’ts for business travellers and again, lots of statistics. This is an interesting read, containing no sales pitch. ®

Next gen security for virtualised datacentres

More from The Register

next story
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Hear ye, young cyber warriors of the realm: GCHQ wants you
Get involved, get a job and then never discuss work ever again
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.