Laptops lifted right under corporate noses

By Anne Saita, News Director 04 Oct 2005 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Guess where your employees are most likely to lose their laptop. Home? Airport? Car?

Try the office.

A new survey of Global 2000 professionals suggests laptops are most likely to be lost or stolen at work. And 90% of those missing devices contain confidential business information, such as sensitive e-mails, network passwords and proprietary documents. Add in that 82% are never recovered, and you've got a lot of corporate secrets circulating in the open.

"Everyone knows to guard their devices when they're traveling, but the results we found about the office were quite shocking," said Bob Heard, CEO of CREDANT Technologies, a security software provider that conducted the survey this summer. Some 16,700 professionals were invited to participate and, among the 456 that responded, 283 of them qualified. The results outlined in the report are based on those that qualified.

Some other key findings include:

• The office ranked first is places where laptops disappeared, accounting for 29% of answers. Cars ranked second with 25% and airports were third at 14%.
• Almost 75% of missing laptops didn't meet encryption data requirements mandated by California SB 1386 and other states' breach notification laws, as well as data privacy regulations like HIPAA.
• It took at least five days for almost all respondents to have their laptops and all the applications and data replaced, resulting in lost productivity.
• In 70% of the cases, the employees were merely issued new laptops. Only 14% were reprimanded.
• Only 56% reported the theft or loss to police. Even fewer, 39%, told the insurance company.

Related link Are identities safer on laptops than central databases?

"Most concerning is that the two most likely places laptops were lost or stolen was while respondents were going about their everyday business," the report on corporate exposure stated. "When looking at how the respondents commented on their stolen laptop, many mentioned the physical security of the device but no one mentioned the information security of the device. In most circumstances, the information value contained on the laptop far outweighs the hardware/software value."

Most likely to be exposure risks were e-mails (87%), confidential business information (67%) and confidential personal information (26%). That was followed closely by stored passwords used to connect to a corporate network. In addition, nearly three-quarters of the missing devices were secured only by a password. Another 21% didn't even have that minimum security. Only 18% used full-disk or partial encryption.

Among the more interesting comments in the survey were those who reported their stolen laptops had been physically secured with lock and cable and even Super glue.

Tags: Information Security Laws, Investigations and Ethics,  HIPAA,  Identity Theft and Data Security Breaches,  Security Awareness Training and Internal Threats,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Information Security Laws, Investigations and Ethics Melissa Hathaway urges more cooperation, government attention to cybersecurity Cybersecurity czar candidate questions clout of new position DHS fills National Cybersecurity Center post FTC shutters rogue ISP for hosting malicious content, botnets Experts optimistic of Obama cybersecurity plan WH cybersecurity plan needs private sector guidance Obama announces creation of cybersecurity coordinator position Cybersecurity Act of 2009: Power grab, or necessary step? Face-off: Who should be in charge of cybersecurity? Feds should get private sector advice on cybersecurity HIPAA Cost of security, IT management add up at healthcare facilities, study finds Healthcare security spending remains sluggish, report shows Creating a HIPAA employee training program FTC extends breach notification to Web-based health repositories Are there guidelines to create a HIPAA-compliant data center? HHS HIPAA guidance on encryption requirements and data destruction Writing a patient identifier policy to prevent common HIPAA violations HIPAA compliance: New regulations change the game HIPAA compliance manual: Training, audit and requirement checklist Key elements of a HIPAA compliance checklist HIPAA Research Identity Theft and Data Security Breaches Health Net healthcare data breach affects1.5 million Massive T-Mobile UK security breach involves insiders Chip and PIN adoption serves lesson for U.S. payment industry Group to shed light on secure identity management threats Heartland CIO is critical of First Data's credit card tokenization plan Heartland CIO on end-to-end encryption, credit card tokenization Heartland CIO on PCI, E3 project Visa probes tokens, encryption for PCI card data protection University data breach exposes 163,000 women to identity theft TJX thrives following breach, bucks sour economy

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary CALEA  (SearchSecurity.com) cyberstalking  (SearchSecurity.com) FERPA  (SearchSecurity.com) HSPD-7  (SearchSecurity.com) I-SPY Act  (SearchSecurity.com) Information Awareness Office  (SearchSecurity.com) intelligence community  (SearchSecurity.com) lawful interception  (SearchSecurity.com) lifestyle polygraph  (SearchSecurity.com) vulnerability disclosure  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary