Security professionals should practice what they preach, and many don't when it comes to privacy.
Calling privacy "a neglected area" in information security, expert Sarah Gordon said security professionals need to set an example by taking advantage of technical and policy solutions that can help mitigate risks to corporations.
In analyzing a recent survey conducted by her company, Gordon, a Symantec senior research fellow, found that a surprisingly large number of security practitioners fail to encrypt sensitive materials.
The majority of the 154 surveyed in the United States, United Kingdom and European Union failed to encrypt data on the hard disk (85%); don't encrypt all e-mail messages (98%); and don't even encrypt sensitive e-mail messages (62%).
Gordon noted that failure to take steps to protect this information could easily cost companies money through the loss of intellectual property, particularly when e-mail and attachments pass through many points with potential eavesdropping prior to reaching their destination. Other consequences could be the loss of time, work and credibility.
Gordon's advice to enterprises is standard. Encrypt this information to protect it in transit from prying eyes, and from theft by Trojans and malicious code on the hard drive.