Technology for dealing with lost laptops

Manage your data and encrypt everything all the time - that's the advice from security experts in the wake of another slew of public and private sector data breaches.

By Nicole Kobie, 28 Jan 2008 at 08:17

gallery

Lost laptops and misplaced CDs seem to have become a near-weekly occurrence - in the past week, there'Ã¯s been news of three lost Ministry of Defence (MoD) recruitment laptops, four court discs from the Ministry of Justice , and a sanction from the data protection watchdog for Marks & Spencer.

With the near-ubiquity of portable devices for mobile working, it's no surprise the things get lost, stolen or otherwise misplaced. But when said devices carry not just corporate secrets but the personal, private details of millions, such mistakes carry a heavier weight.

Indeed, the case of the lost laptops from the MoD has had many asking what measures should have been in place - and why so much data was being held on them.

Secretary of State for Defence Des Browne told parliament that the MoD had proper procedures in place to keep sensitive data off of portable devices and that the laptops had encryption software - yet the procedures were not followed and the laptops were not encrypted.

The human factor

Such data breaches have shown users simply do not follow policies. And, people simply can't be trusted to not lose their devices - or leave them in the car overnight, where they can be stolen.

Alan Bentley, the vice president of Lumension Security, said education is necessary. "At the heart of all the recent data losses, is a lack of awareness and coherence to the organisation's security policies. The 'human factor' is often the weakest link in any security armour and the MoD is no exception to this rule."

He called for organisations to properly educate employees about the risk of data theft and to stress what happens if they don't take heed. "Unless employees start to understand that their job is on the line if they fail to follow procedures, this culture of careless data handling will continue," Bentley said.

Joe Fantuzzi, chief executive of Workshare, said: "My sense is that policies are written to be broken... Policy is good to have as a baseline, but policy won't prevent problems."

So the question is: what will? And what will stand up to hackers should they realise the potential of the data on a stolen disc?

Clive Longbottom, principal analyst at Quocirca, runs down the problem: "Policies are spineless, and get ignored. Therefore, companies have to design for idiots, and this means various approaches." First, Longbottom suggests centralising and locking down data, so that when a device is stolen, no data is lost. Second, and more importantly, is to encrypt the information which is on a device.

1 2 3

Email to a friend

Print this page

< Previous Security : Analysis & Insight Next >