Feeds

The human factor in laptop encryption

Lock down the business managers!

Intelligent flash storage arrays

Hardly a day goes by without news of some laptop containing sensitive information about customers or staff getting lost or stolen. The latest high profile example is the Bord Gais burglary in Dublin in which an unencrypted laptop containing the bank details of 75,000 electricity customers was stolen. Hilariously, Bord Gais told the people affected that "data security and laptop encryption is a major priority for us". More practically, it urged the names to watch out for their bank accounts.

Bord Gais is not uniquely incompetent in laptop security matters, as this week’s trawl of the Reg Library shows. Even when laptops are supplied encrypted, many employees will switch off encryption, in defiance of company policies.

Let’s explore this in a little more detail.

The human factor in laptop encryption

This white paper from Ponemon Institute on behalf of Absolute Software is based on a survey of UK business managers and IT security professionals. The results are compared with earlier surveys conducted in the US and Canada, all of which show that business managers are not to be trusted. [So we are paraphrasing, a little.]

A high percentage of business managers share passwords and do not use complex passwords, use a privacy screen shield, keep their laptop physically safe when travelling or lock their laptops to their desks to protect sensitive and confidential data. Also, many respondents believe that encrypted solutions make it unnecessary to take other security measures.

IT security practitioners, by contrast, are more diligent in all areas. Not news. More surprising is just how crap at this business managers are – even reckless. Remember a lot of these guys work in finance.

According to the report 50 per cent of business managers have turned off the laptop’s encryption solution. Thirty three per cent of those who turned off the encryption solution say that this violates company’s security policy and 27 per cent are unsure. Oh dear.

This is a good paper, with lots of bar charts and statistical caveats to keep you company.

Airport insecurity: The case of lost laptops

Ponemon Institute has carved a niche for itself with laptop security, as it is also the author of this paper sponsored by Dell. Laptops in airports are something of an interest here – ever since a US TSA agent dropped our laptop at security clearance and broke the casing. He got a colleague to question me about the laptop and held it in such a way that I could not see that it was broken, before prompting me to put it back in the laptop bag. Who says TSA staff are stupid? Not me. Clumsy, perhaps...

Ponemon rang up 106 big airports in 46 states to discover that Business travellers lose about 12,000 laptops a week in US airports. Not all, or even most, are stolen by airport staff – 40 per cent of losses occur at security checkpoints. But of the laptops that are found, just 33 per cent are reclaimed by their owner. The rest are sold off, leaving “potentially millions of files containing sensitive or confidential data that may be accessible to a large number of airport employees and contractors”.

For the paper, Ponemon Institute also interviewed 864 business travellers in the airport environment. And yes, they are concerned that they have confidential data on their laptops, and no, many of them don’t back this data up. And just one in five use disk-based encryption. The paper contains a commonsense checklist of dos and don’ts for business travellers and again, lots of statistics. This is an interesting read, containing no sales pitch. ®

Internet Security Threat Report 2014

More from The Register

next story
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
BlackEnergy crimeware coursing through US control systems
US CERT says three flavours of control kit are under attack
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
Simplify SSL certificate management across the enterprise
Simple steps to take control of SSL across the enterprise, and recommendations for a management platform for full visibility and single-point of control for these Certificates.