Now Available:

line

Featured Resources:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Rebecca.

« Low-Tech Humor That Is SO True! | Main | New Guidelines for Safeguarding Personal Data »

Business Info Fact Of The Day: Most Personnel Do Not Protect Laptop Information

The Ponemon Institute seems to have been busy doing surveys throughout the world recently!

According to three separate research surveys they did in the U.S., Canada and the U.K. they report within the BNA Privacy and Security Law Reports (subscription required) about "The Human Factor in Laptop Encryption" many interesting findings. The following are some of the high-level summary statements; see the full reports for some very interesting statistics and analysis:

* In the U.S....

  • "Ninety-two percent of IT security practitioners report that someone in their organization has had a laptop lost or stolen and 71 percent report that it resulted in a data breach. Only 45 percent report that the organization was able to prove the contents were encrypted.
  • Fifty-two percent of business managers surveyed strongly agree and agree that encryption stops cyber criminals from stealing data on laptops versus 46 percent of IT and IT security practitioners who strongly agree or agree.
  • Fifty-seven percent of business managers surveyed record their encryption password on a private document such as a post-it note to jog their memory or share the key with other individuals. Virtually none of the IT security practitioners record their password on a private document or share it with another person.
  • Fifty-six percent of business managers have disengaged their laptop's encryption solution and 48 percent admit this is in violation of their company's security policy.
  • Fifty-nine percent of business managers sometimes or often leave their laptop with a stranger when traveling."

* In Canada...

  • "Eighty-nine percent of IT security practitioners report that someone in their organization has had a laptop lost or stolen and 47 percent report that it resulted in a data breach. Only 49 percent report that the organization was able to prove the contents were encrypted.
  • Fifty-four percent of business managers surveyed strongly agree and agree that encryption stops cyber criminals from stealing data on laptops versus 50 percent of IT security practitioners who strongly agree or agree.
  • Fifty-one percent of business managers surveyed record their encryption password on a private document to jog their memory such as a post-it note or share the key with other individuals. Virtually none of the IT security practitioners record their password on a private document or share it with another person.
  • Forty-eight percent of business managers have disengaged their laptop's encryption solution and 42 percent admit this is in violation of their company's security policy.
  • Fifty-six percent of business managers sometimes or often leave their laptop with a stranger when traveling."

* In the U.K....

  • "Eighty-six percent of IT security practitioners report that someone in their organization has had a laptop lost or stolen and 56 percent report that it resulted in a data breach. Only 45 percent report that the organization was able to prove the contents were encrypted.
  • Fifty-nine percent of business managers surveyed strongly agree or agree that encryption stops cyber criminals from stealing data on laptops versus 46 percent of IT security practitioners who strongly agree or agree.
  • Sixty-five percent of business managers surveyed record their encryption password on a private document such as a post-it note to jog their memory or share the key with other individuals. Virtually none of the IT security practitioners record their password on a private document or share it with another person.
  • Fifty percent of business managers have disengaged their laptop's encryption solution and 40 percent admit this is in violation of their company's security policy.
  • Fifty-two percent of business managers sometimes or often leave their laptop with a stranger when traveling."

Look at how many people write down and share their encryption passwords!

Look at how many people disable their encryption!

I would love to do a study to show the impact of effective and ongoing awareness communications on these types of numbers.

Tags:                          
 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Rebecca Herold on January 19, 2009 10:28 AM |

TrackBack

TrackBack URL for this entry:
http://www.realtime-itcompliance.com/type/mt-tb.cgi/909

Comments

Encrypting the whole laptop doesn't protect as well as protecting the files, documents and emails does. Think about it, if someone can break the encryption or gets the password when you encrypt the whole disk, they have access to everything. But if you have each file, each document and each email protected, they'll have to work a lot harder and will likely give up. There's a solution I use called the Voltage Security Network. It lets you encrypt files and documents in any format and provides really easy email encryption. Like I don't have to look-up or manage keys, and I can send encrypted messages to everyone in my address book, even if they don't have any software. Their web site is at http://www.voltage.com/vsn/index.htm and you can even get a free 30-day trial.

Posted by: Jess | January 27, 2009 5:49 PM

Post a comment

(All comments are approved by site leader before appearing here. Thanks for commenting!)

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for the past two decades. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca their list of the world's best privacy experts and on their list of the best privacy consulting firms in both 2007 and 2008. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books, dozens of articles, and has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 13th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.