Log in

Archive for July, 2009

Airports – Reason Number One for Encryption

July 9th, 2009

airport-laptop Any frequent traveler will tell you that every trip through an airport presents numerous chances for them to loss their laptop. Everyday business travelers put their organization’s sensitive and confidential at risk when they travel through airports. Today most companies are dependent upon on a mobile workforce that needs access to information no matter when they are outside the office – be it commuting from the office to their house or from their house to a business meeting on another continent. This mobility constantly puts companies at risk of having a data breach if a laptop containing sensitive information is lost or stolen.

Dell and the Ponemon Institute conducted a study, Airport Insecurity: The Case of Lost Laptops, to fully understand the risks posed to sensitive and confidential data contained in the laptops of business travelers. The findings of this study can help companies understand what they should be doing to protect the information on their employees’ laptops and to reduce the likelihood that their employees will lose laptops while traveling.

The Dell/Ponemon study was not simply the gathering of stories. To complete the study, the Ponemon Institute conducted field research at 106 major airports across the United States to determine the frequency of lost or missing laptops at their locations. In addition to laptop loss frequency, they captured information about airport operating practices concerning laptop recovery, reclamation rates, and disposal procedures.

The data they uncovered is amazing – and consider that the numbers are already months old and during the last year portable and especially netbook growth has continued:

Business travelers lose more than 12,000 laptops per week in U.S. airports. That’s in the US only!
Only 33% of laptops within the lost and found departments in airports are reclaimed. Many of the rest are sold off, leaving “potentially millions of files containing sensitive or confidential data that may be accessible to a large number of airport employees and contractors”.
According to U.S. airport representatives, the most common airport locations where laptops are lost or missing include security checkpoints (40%) and departure gates (23%).

And here is the killer data from the security perspective, “Over 53% of business travelers say that their laptops contain confidential or sensitive information. However, 65% of these travelers admit they do not take steps to protect or secure the information contained on their laptop.”

The numbers are all there. The risks are there. The solutions are not that hard – but companies need to step up to give their IT staff the time to implement data encryption and the time with the portable owners to properly train them about data encryption and best practices.

2 comments »

Posted in Encryption, Identity and Information loss

Tags: airport data encryption laptop laptop theft

Irish Laptops are not smiling

July 6th, 2009

When you are in the computer security business, hardly an hour goes by without news of some laptop containing sensitive information about customers or staff getting lost or stolen. Now, for the average business person they may not hear these stories multiple times a day – but they are certainly starting to show up multiple times a week.

The latest example brings us to Ireland and a burglary at the Bord Gais Energy offices. To quote the official company announcement, “Bord Gais Energy can confirm that a burglary took place on Friday, 5th June in one of its Dublin offices. During this incident four laptops were stolen, one of which contained customer information and bank details for 75,000 Bord Gais Energy electricity customers.”

To highlight the impact on the Bord Gais, even a month later their website commits 20% of the home page to the story on Laptop Theft. This is an IT manager’s nightmare – IT is impacting the business in an adverse manner.

bord-gais

In a poor choice of words the letter from Bord Gais to consumer, the letter states that “data security and laptop encryption is a major priority for us.” Well that is true now, when the letter is being written. However, the tens of thousands of impacted customers are probably more concerned about how Bord Gais let this happen.

On the website, Bord Gais points out the solution – “We have reviewed our laptop encryption programme and can confirm all laptops are now fully encrypted.” But they also admit the causes:

Why were the laptops not in a secure location?
The laptops were being used on a day-to-day basis and were left in locked offices overnight.

Were the laptops not encrypted?
All of the laptops had levels of security on them – however only one of them had hard drive encryption – the remaining three had password protection.

Bord Gais is not uniquely incompetent in laptop security matters – think about your own companies, do the above events occur in your organizations. Even when laptops are supplied encrypted, do some employees switch off encryption and ignore company policies. Do they even know what the company policy is? Do they even understand what encryption is? Why do they have rights to shut off encryption?

Bord Gais is facing all these questions now. Smart companies address these questions internally, amongst themselves, before the publicity hits home.