January 26th, 2014

Theft or loss of unencrypted laptops and USB drives has been one of the leading causes of data breaches over the past several months. A stolen laptop is far more likely to lead to a data breach today than it was a decade ago.

“Whether or not, in a particular instance, a thief was looking for the data on the machine, the fact that there is this market in name, address, Social Security number, phone number, credit card data and so on, makes the loss of a device which has got that data on it all the more potentially damaging,” ESET senior security researcher Stephen Cobb says.

“If there’s a difference between a laptop theft today and 10 years ago, it’s that it’s probably got saleable data on it,” Cobb states. “Something that we see in talking to organizations is that a lot of people are not yet fully aware that data about people has a value in a very structured black market.”

“You can buy a 16GB thumb drive at the drugstore for $12, and you can put information on it, the loss of which would cost you a million dollars,” Cobb mentioned. “Not enough people are looking at it like that. For $80, you can buy one that’s encrypted automatically, but they look at the difference in price and they say it’s not worth it. But when you look at the million-dollar impact, it’s a different calculation.”

Another major cause of data breaches is employees’ neglect of policies. “Policies and procedures often lag behind the systems that they’re supposed to protect,” Cobb added. Policies have to ensure the safety of the data.

“If I were to fault anybody in the employee error side of things, it would be upper management for not realizing the importance of keeping people up to date on these things,” Cobb says. “I’m an opponent of the stupid user theory. Yes, some people do dumb things, and there will always be that element, but an employee isn’t stupid if they haven’t been told what they should and shouldn’t do. And an organization which doesn’t have checks and balances in its processes is more stupid than the employee who makes a mistake and there’s nobody around to catch it.”

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

