|
The worldwide shift from stationary desktop computers to highly-portable laptop and tablet PC computers offers organizations increased productivity, flexible work schedules and greater work/life balance. Driven by the need for increased productivity and the ability to present up-to-date information at a moment’s notice, secure mobile computing can be an organization’s greatest strength. However, research indicates that lost or stolen laptop computers cause nearly 50% of public data breaches. With recently expanded state data breach legislation, even a single lost or stolen computer can expose organizations to the negative publicity and increased costs associated with public data breaches.
To protect themselves, many organizations have developed sophisticated IT asset use policies while others have combined policy with encryption technology in hopes of better securing computers and the sensitive information they contain. While these are necessary steps, organizations still struggle to compensate for the “human factor.” According to a recent survey of 1,400 enterprises, more than 60% of data breaches are the work of those operating within the firewall – insiders such as employees, contractors and others with ready access to sensitive information. Accidentally or by design, employees will always be the weakest link in computer security strategies that rely on their diligence to provide consistent protection.
Rather than imposing strangling IT asset policies aimed at forcing end users to comply, endpoint security strategies use centrally-managed technology to ensure that mobile devices such as laptops secure themselves. Using readily-available computer theft recovery, remote data delete and Internet-based IT asset management, organizations can free end-users from computer security responsibilities while ensuring maximum protection for computers and the information stored on them.
Survey Sheds Light on Holes in Data Breach Protection
In September 2007, Research Concepts LLC asked 185 members of NetworkWorld’s Technology Opinion Panel about the state of computer and data security in their organizations. The results revealed that, although computer and data security are high priorities for corporations, they are nevertheless unprepared to prevent data breaches and computer theft. Common approaches to computer security aimed at minimizing the possibility of data breach were consistently undermined by employees. Indeed, those surveyed reported that only one in 100 employees consistently follows corporate data and security policies.
Physical Security and Authentication
The simplest form of laptop computer security involves protecting the computer and its physical environment. According to Research Concepts, more than 31% of organizations surveyed provide laptop users with cable locks to secure their computers when out of the office. Nearly 94% reported the use of password-based authentication on laptop computers. Interestingly, this same survey group indicated that they believed employees were responsible for most incidents of data breach within their organizations. Clearly, many organizations believe that despite basic precautions such as providing laptop locks and password-protecting computers, employees remain the weakest link in security plans.
Organizational Policy
Research Concepts found that 58% of organizations currently promote polices for the safe use of mobile computing devices and for accessing sensitive files. The University of Miami Office of HIPAA Privacy and Security for example, details the circumstances under which students and medical staff may download electronic protected health information to a laptop computer. The fact remains however, that despite these organizational policies, busy salespeople, unknowing marketers and harried administrative staff will contravene policy and load sensitive information onto portable computers. With more than 600,000 laptops stolen each year in the United States, companies relying on organizational policy to protect sensitive data will continue to fuel data breach media headlines.
High Tech Protection: Encryption and IT Asset Management
More than 50% of organizations surveyed by Research Concepts indicated that they protected sensitive information with encryption software. A further 43% reported the use of asset tracking software. Simply knowing where all mobile computers are located is a powerful security measure, however, traditional IT asset management solutions are designed to track only those laptops that connect to a local area network (LAN) or virtual private network (VPN) connection. For a large proportion of laptop users, returning to head office is an intermittent event – allowing many laptop computers to remain below the radar of IT.
|
