Feeds

The human factor in laptop encryption

Lock down the business managers!

Providing a secure and efficient Helpdesk

Hardly a day goes by without news of some laptop containing sensitive information about customers or staff getting lost or stolen. The latest high profile example is the Bord Gais burglary in Dublin in which an unencrypted laptop containing the bank details of 75,000 electricity customers was stolen. Hilariously, Bord Gais told the people affected that "data security and laptop encryption is a major priority for us". More practically, it urged the names to watch out for their bank accounts.

Bord Gais is not uniquely incompetent in laptop security matters, as this week’s trawl of the Reg Library shows. Even when laptops are supplied encrypted, many employees will switch off encryption, in defiance of company policies.

Let’s explore this in a little more detail.

The human factor in laptop encryption

This white paper from Ponemon Institute on behalf of Absolute Software is based on a survey of UK business managers and IT security professionals. The results are compared with earlier surveys conducted in the US and Canada, all of which show that business managers are not to be trusted. [So we are paraphrasing, a little.]

A high percentage of business managers share passwords and do not use complex passwords, use a privacy screen shield, keep their laptop physically safe when travelling or lock their laptops to their desks to protect sensitive and confidential data. Also, many respondents believe that encrypted solutions make it unnecessary to take other security measures.

IT security practitioners, by contrast, are more diligent in all areas. Not news. More surprising is just how crap at this business managers are – even reckless. Remember a lot of these guys work in finance.

According to the report 50 per cent of business managers have turned off the laptop’s encryption solution. Thirty three per cent of those who turned off the encryption solution say that this violates company’s security policy and 27 per cent are unsure. Oh dear.

This is a good paper, with lots of bar charts and statistical caveats to keep you company.

Airport insecurity: The case of lost laptops

Ponemon Institute has carved a niche for itself with laptop security, as it is also the author of this paper sponsored by Dell. Laptops in airports are something of an interest here – ever since a US TSA agent dropped our laptop at security clearance and broke the casing. He got a colleague to question me about the laptop and held it in such a way that I could not see that it was broken, before prompting me to put it back in the laptop bag. Who says TSA staff are stupid? Not me. Clumsy, perhaps...

Ponemon rang up 106 big airports in 46 states to discover that Business travellers lose about 12,000 laptops a week in US airports. Not all, or even most, are stolen by airport staff – 40 per cent of losses occur at security checkpoints. But of the laptops that are found, just 33 per cent are reclaimed by their owner. The rest are sold off, leaving “potentially millions of files containing sensitive or confidential data that may be accessible to a large number of airport employees and contractors”.

For the paper, Ponemon Institute also interviewed 864 business travellers in the airport environment. And yes, they are concerned that they have confidential data on their laptops, and no, many of them don’t back this data up. And just one in five use disk-based encryption. The paper contains a commonsense checklist of dos and don’ts for business travellers and again, lots of statistics. This is an interesting read, containing no sales pitch. ®

New hybrid storage solutions

More from The Register

next story
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
TorrentLocker unpicked: Crypto coding shocker defeats extortionists
Lousy XOR opens door into which victims can shove a foot
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.