Over half of UK managers disengaging laptop encryption
By IT PRO staff,
The UK is proving somewhat careless when it comes to data management, with figures showing more than half (53 per cent) of British business managers have disengaged the encryption on their laptops.
Only business managers in the US were found to be worse, with 60 per cent placing corporate information at risk by turning off company laptops' encryption solutions.
The UK also came second only to the US in the bad stakes where a lost or stolen laptop resulted in a data breach, according to the Human Factor in Laptop Encryption study from Absolute Software Corporation and the Ponemon Institute.
Almost two-thirds (61 per cent) of UK IT managers admitted stolen devices had led to a data breach, compared to 72 per cent of Americans.
“While laptop encryption is an essential and important security tool, improper end-user actions such as turning off security features, sharing passwords, or using insecure wireless networks may substantially reduce the effectiveness of encryption in protecting laptop computers,” warned Dr Larry Ponemon.
UK organisations may want to take note of the findings, especially when new powers are handed to the Information Commissioner’s Office.
From 6 April 2010, the regulatory body will be able to implement penalties of up to £500,000 for serious breaches of the Data Protection Act.
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Project Management Analysis & Insight
Marussia F1 team showcases technology used in Formula 1
We go behind the scenes to see 3D printers, ERP systems and a 60 Teraflop Computation Fluid Dynamics Cluster in action at the team's site in Banbury.
Latest Project Management Reviews
Swiftlight review
Rating: 
advertisement
Most popular
- Yahoo CEO resigns after CV debacle
- Apple iPad 3 vs iPad 2 head-to-head review
- Macs under attack?
- HP to bring indestructible plastic displays and Memristor storage to market
- Fusion-IO share price soars on back of Dell merger rumours
- Android users warned of fake app store malware risk
- Dell PowerEdge R820 review
- Is BT the key to broadband Britain?
- What is your password worth?
- Police quiz UK teen over TeamPoison attacks
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
Encryption alone is not enough
Encryption is a basic security step for enterprises, but it can be completely undermined without proper identity and access management processes. Poor password management, for instance, could allow someone with the wrong access rights to bypass encryption and access sensitive data. Encryption can create a false sense of security when used alone, and can’t stop bad guys if they have the right credentials. As the survey points out, more than one third of business managers share their encryption keys with other individuals – completely defeating the purpose. What’s needed is a complement of detective and preventive controls like DLP, SIEM and IAM, working in concert with encryption to authoritatively protect sensitive data. With such a lax modern day view of security processes by business managers - with 53% in the UK admitting they circumvent company data security policy - it is important to eliminate the ability to get around policies through the implementation of an identity and access management solution to keep data safe and secure within the boundaries of the organisation. Encryption alone is not enough – and as the survey indicates, it is often disregarded entirely.
Stuart Hodkinson, general manager, Courion
By Ip_courion3a5e03 on Thursday Mar 11
Most Organizations Enjoy "Security" as a Matter of Luck
In David Scott’s words, everyone needs to be a mini-Security Officer in the modern organization today. I think Mr. Scott is right: Most individuals and organizations enjoy Security largely as a matter of luck. Anyone else here reading I.T. WARS? I had to read parts of this book as part of my employee orientation at a new job. The book talks about a whole new culture as being necessary – an eCulture – for a true understanding of security, being that most identity/data breaches are due to simple human errors. It has great chapters on security, as well as risk, content management, project management, acceptable use, various plans and policies, and so on. Just Google IT WARS – check out a couple links down and read the interview with the author David Scott at Boston’s Business Forum. (Full title is I.T. WARS: Managing the Business-Technology Weave in the New Millennium).
By janice33rpm on Thursday Mar 11
Human Factor Overriding Element in Data Breach and Theft
In David Scott’s words, everyone needs to be a mini-Security Officer in the modern organization today. I think Mr. Scott is right: Most individuals and organizations enjoy Security largely as a matter of luck. Anyone else here reading I.T. WARS? I had to read parts of this book as part of my employee orientation at a new job. The book talks about a whole new culture as being necessary – an eCulture – for a true understanding of security, being that most identity/data breaches are due to simple human errors. It has great chapters on security, as well as risk, content management, project management, acceptable use, various plans and policies, and so on. Just Google IT WARS – check out a couple links down and read the interview with the author David Scott at Boston’s Business Forum. (Full title is I.T. WARS: Managing the Business-Technology Weave in the New Millennium).
By Ip_johnfranks999 on Friday Mar 12