Over half of UK managers disengaging laptop encryption
By IT PRO staff,
The UK is proving somewhat careless when it comes to data management, with figures showing more than half (53 per cent) of British business managers have disengaged the encryption on their laptops.
Only business managers in the US were found to be worse, with 60 per cent placing corporate information at risk by turning off company laptops' encryption solutions.
The UK also came second only to the US in the bad stakes where a lost or stolen laptop resulted in a data breach, according to the Human Factor in Laptop Encryption study from Absolute Software Corporation and the Ponemon Institute.
Almost two-thirds (61 per cent) of UK IT managers admitted stolen devices had led to a data breach, compared to 72 per cent of Americans.
“While laptop encryption is an essential and important security tool, improper end-user actions such as turning off security features, sharing passwords, or using insecure wireless networks may substantially reduce the effectiveness of encryption in protecting laptop computers,” warned Dr Larry Ponemon.
UK organisations may want to take note of the findings, especially when new powers are handed to the Information Commissioner’s Office.
From 6 April 2010, the regulatory body will be able to implement penalties of up to £500,000 for serious breaches of the Data Protection Act.
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Project Management Analysis & Insight
Tech Heads: Cisco's Dave Evans predicts the future
We talk to Cisco's chief futurist about his predictions for the technology of the future - from cyborgs, parallel universes and internet telepathy to the ultimate fate of humanity itself.
Latest Project Management Reviews
Swiftlight review
Rating: 
advertisement
Most popular
- Ubuntu vs. Windows 7 on the business desktop
- York researchers heat storage to speed up data
- OneNote hits Google?s Android
- O2 trials Olympic-scale remote working
- Who to trust after the VeriSign hack?
- Lenovo beats expectations again
- BlackBerry Bold 9790 review
- Will someone rid me of these troublesome Macs?
- Google to promise fairness after Motorola buy
- Welcome to the stay-at-home Olympics
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
Encryption alone is not enough
Encryption is a basic security step for enterprises, but it can be completely undermined without proper identity and access management processes. Poor password management, for instance, could allow someone with the wrong access rights to bypass encryption and access sensitive data. Encryption can create a false sense of security when used alone, and can’t stop bad guys if they have the right credentials. As the survey points out, more than one third of business managers share their encryption keys with other individuals – completely defeating the purpose. What’s needed is a complement of detective and preventive controls like DLP, SIEM and IAM, working in concert with encryption to authoritatively protect sensitive data. With such a lax modern day view of security processes by business managers - with 53% in the UK admitting they circumvent company data security policy - it is important to eliminate the ability to get around policies through the implementation of an identity and access management solution to keep data safe and secure within the boundaries of the organisation. Encryption alone is not enough – and as the survey indicates, it is often disregarded entirely. Stuart Hodkinson, general manager, Courion
By Ip_courion3a5e03 on Thursday Mar 11
Most Organizations Enjoy "Security" as a Matter of Luck
In David Scott’s words, everyone needs to be a mini-Security Officer in the modern organization today. I think Mr. Scott is right: Most individuals and organizations enjoy Security largely as a matter of luck. Anyone else here reading I.T. WARS? I had to read parts of this book as part of my employee orientation at a new job. The book talks about a whole new culture as being necessary – an eCulture – for a true understanding of security, being that most identity/data breaches are due to simple human errors. It has great chapters on security, as well as risk, content management, project management, acceptable use, various plans and policies, and so on. Just Google IT WARS – check out a couple links down and read the interview with the author David Scott at Boston’s Business Forum. (Full title is I.T. WARS: Managing the Business-Technology Weave in the New Millennium).
By janice33rpm on Thursday Mar 11
Human Factor Overriding Element in Data Breach and Theft
In David Scott’s words, everyone needs to be a mini-Security Officer in the modern organization today. I think Mr. Scott is right: Most individuals and organizations enjoy Security largely as a matter of luck. Anyone else here reading I.T. WARS? I had to read parts of this book as part of my employee orientation at a new job. The book talks about a whole new culture as being necessary – an eCulture – for a true understanding of security, being that most identity/data breaches are due to simple human errors. It has great chapters on security, as well as risk, content management, project management, acceptable use, various plans and policies, and so on. Just Google IT WARS – check out a couple links down and read the interview with the author David Scott at Boston’s Business Forum. (Full title is I.T. WARS: Managing the Business-Technology Weave in the New Millennium).
By Ip_johnfranks999 on Friday Mar 12