Government Technology

    Digital Communities
    Industry Members

  • Click sponsor logos for whitepapers, case studies, and best practices.
  • McAfee
  • Net App
  • NIC
  • Perceptive Software

Employees Undermine Traditional Data Breach Prevention Strategies, Study Says



January 16, 2009 By

Absolute Software and the Ponemon Institute recently announced the findings of a new study on the use of encryption on laptops by employees within corporations in the U.S. The study, "The Human Factor in Laptop Encryption: US Study," revealed that more than half (56 percent) of business (non-IT) managers polled, disable the encryption solution on their laptops. Ninety-two percent of IT security practitioners report that someone in their organization has had a laptop lost or stolen and 71percent report that it resulted in a data breach. Results indicate that it is employee behavior that undermines data protection efforts in corporate America. Companion studies of UK and Canadian companies are also available.

"The data suggests that, because of user behavior, encryption alone is not enough to protect mobile devices and the sensitive data stored on them," said Dr. Larry Ponemon, chairman and founder of The Ponemon Institute. "These statistics are especially disconcerting when combined with our recent studies demonstrating that lost or stolen laptops are the number one cause of data loss, with 3 out of 4 companies experiencing a data breach when a laptop has been lost or stolen."

The report shows that many business managers fail to take necessary precautions to secure their laptops, such as using additional security solutions, and instead are overly dependent on their encryption solutions to protect the sensitive data on their laptops.

"The Human Factor in Laptop Encryption: U.S. Study" key findings include:

  • 92 percent of IT security practitioners report that someone in their organization has had a laptop lost or stolen and 71% report that it resulted in a data breach;
  • 56 percent of business managers have disengaged their laptop's encryption;
  • Only 45percent of IT security practitioners report that their organization was able to prove the contents of missing laptops were encrypted;
  • Only 52 percent of business managers - employees most likely to have access to the most sensitive data (personally identifiable information and/or intellectual property) - have employer-provided encryption;
  • 57 percent of business managers either keep a written record of their encryption password, or share it with others in case they forget it;
  • 61 percent of business managers share their passwords, compared to only 4 percent of IT managers; and,
  • Business managers are much more likely than IT security practitioners to believe encryption makes it unnecessary to use other security measures for laptop protection.

In the event of a theft, companies relying solely on encryption cannot be sure whether all stored data on a laptop has been encrypted, if it has been compromised, or even which files have been accessed by thieves. This can leave corporations with gaping holes in their security efforts, and risk exposing the company, employees, customers and consumers to data and identity theft. To help solve security risks that encryption alone cannot adequately address, companies can employ a security solution that can locate a stolen or lost laptop, detect which data has been accessed, and remotely delete sensitive data.

"This research highlights what Absolute has long-emphasized: while encryption technology provides a high-degree of data protection, it must be complemented by additional security layers that are not dependent on the diligent behavior of corporate employees," John Livingston, chairman and CEO of Absolute Software said. "If I were tasked with data security, I would read this study in detail and immediately assess my company's data protection strategy, especially if I was reliant solely on encryption. Corporations may incorrectly assume that since it is company policy to encrypt mobile data, they are not at risk for a data breach. With more than half of business managers disabling their encryption solutions, companies are left incredibly vulnerable to theft and data loss if they do not utilize additional layers of security, such as those offered by Absolute."

Highlights and the complete reports for "The Human Factor in Laptop Encryption" studies for the U.S., U.K. and Canada can be found online.


| More

Comments


Add Your Comment

You are solely responsible for the content of your comments. We reserve the right to remove comments that are considered profane, vulgar, obscene, factually inaccurate, off-topic, or considered a personal attack.

In Our Library

White Papers | Exclusives Reports | Webinar Archives | Best Practices and Case Studies
WHITEPAPER: D Block Spectrum Act and the FirstNet Broadband Network. What does it all mean?
On Feb 22, 2012, the Middle Class Tax Relief and Job Creation Act of 2012 was enacted into law. This law will ensure the establishment of a nationwide, interoperable public safety broadband network in every state and territory in the U.S. Learn about the new law and what you can do to prepare for it now.
New Research Reveals Surprising Trend for Funding Innovation
Listen to an informative discussion with Digital Communities members to learn how you can use your IT savings and efficiencies to do the new things you have been waiting to do.
Continuity with Cloud Solutions
Cloud solutions provide agility, flexibility and scalability to government agencies. In an emergency situation where an agency’s infrastructure and resources are impacted, prioritization and restoration become critical elements of a disaster recovery plan. The flexibility of cloud services helps agencies make adjustments to processing capacity on demand.
View All

Digital Communities members get access to our collaboration task forces

427 Members

77 Discussions

84 Files

Latest members Become a member

Digital Communities members get access to our collaboration task forces

669 Members

145 Discussions

150 Files

Latest members Become a member

 


Featured White Papers & Reports

The Future of the Desktop in Government

Until recently, there was no alternative to the familiar desktop computer, and its expensive upgrades and maintenance requirements. For cash-strapped local governments, the desktop computer is quickly becoming an unsustainable option for future progress. Now, a technology known as virtual desktop infrastructure (VDI) offers an alternative. It can be significantly more affordable than buying individual computers for every employee, and it provides similar capability. This paper shows how VDI is the future of the desktop and is a game-changer for local governments.


View Full Library

Events

GTC East

Don't miss this opportunity to see the latest in digital government solutions, keep abreast of current policy issues and network with key government executives, technologists and industry specialists.

View All Events