The human factor in laptop encryption

Lock down the business managers!

Hardly a day goes by without news of some laptop containing sensitive information about customers or staff getting lost or stolen. The latest high-profile example is the Bord Gais burglary in Dublin, in which an unencrypted laptop containing the bank details of 75,000 electricity customers was stolen. Hilariously, Bord Gais told the people affected that "data security and laptop encryption is a major priority for us". More practically, it urged those named to keep an eye on their bank accounts.

Bord Gais is not uniquely incompetent in laptop security matters, as this week’s trawl of the Reg Library shows. Even when laptops are supplied encrypted, many employees will switch off encryption, in defiance of company policies.

Let’s explore this in a little more detail.

The human factor in laptop encryption

This white paper from Ponemon Institute on behalf of Absolute Software is based on a survey of UK business managers and IT security professionals. The results are compared with earlier surveys conducted in the US and Canada, all of which show that business managers are not to be trusted. [So we are paraphrasing, a little.]

A high percentage of business managers share passwords and skip basic precautions: they do not use complex passwords or a privacy screen shield, do not keep their laptops physically safe when travelling, and do not lock their laptops to their desks to protect sensitive and confidential data. Also, many respondents believe that encryption solutions make it unnecessary to take other security measures.

IT security practitioners, by contrast, are more diligent in all areas. Not news. More surprising is just how crap at this business managers are – even reckless. Remember a lot of these guys work in finance.

According to the report, 50 per cent of business managers have turned off their laptop’s encryption solution. Thirty-three per cent of those who turned off the encryption solution say that this violates their company’s security policy, and 27 per cent are unsure. Oh dear.

This is a good paper, with lots of bar charts and statistical caveats to keep you company.

Airport insecurity: The case of lost laptops

Ponemon Institute has carved a niche for itself with laptop security, as it is also the author of this paper sponsored by Dell. Laptops in airports are something of an interest here – ever since a US TSA agent dropped our laptop at security clearance and broke the casing. He got a colleague to question me about the laptop and held it in such a way that I could not see that it was broken, before prompting me to put it back in the laptop bag. Who says TSA staff are stupid? Not me. Clumsy, perhaps...

Ponemon rang up 106 big airports in 46 states to discover that business travellers lose about 12,000 laptops a week in US airports. Not all, or even most, are stolen by airport staff – 40 per cent of losses occur at security checkpoints. But of the laptops that are found, just 33 per cent are reclaimed by their owners. The rest are sold off, leaving “potentially millions of files containing sensitive or confidential data that may be accessible to a large number of airport employees and contractors”.

For the paper, Ponemon Institute also interviewed 864 business travellers in the airport environment. And yes, they are concerned that they have confidential data on their laptops, and no, many of them don’t back this data up. And just one in five use disk-based encryption. The paper contains a commonsense checklist of dos and don’ts for business travellers and again, lots of statistics. This is an interesting read, containing no sales pitch. ®
