Half of IT professionals leave mobile security to chance
As threats to corporate data grow, and the cost of breaches increase, a survey of alleged security conscious professionals has remarkably revealed that over half of respondents (52%), who admit to carrying company data on a USB stick, do not encrypt it. Remarkably, 11% of this savvy audience, who really should know better, “protect’ their devices with passwords alone – an insufficient defense that is widely understood to be easily breached.
The study questioned 277 IT security professionals who, theoretically, view security seriously enough to spend time attending InfoSecurity Europe. Astonishingly, the type of unprotected data being carried would have serious repercussions to the organization should it be misplaced – from intellectual property(67%), customer data (40%) and employee details (26%).
Data transported on any unencrypted mobile device – such as laptops, handheld devices, smartphones, USB drives, CD-DVDs and other devices, are the equivalent of ticking time bombs waiting to blow up in the organization’s face – with mandatory audits, breach notifications, hefty fines and public humiliation likely to ensue.
Worst of all there really isn’t any excuse – organizations can easily arm themselves utilizing centrally-managed solutions that provide data-centered, policy-based protection across all endpoints, which simply won’t allow information to be transferred without first encrypting it – regardless of the device it’s being transferred to.
As if evidence of the problem was needed, early this month (June 2) it was revealed that a USB stick containing personal information about children, that was neither encrypted nor password protected, had been lost by West Berkshire Council; it was also reported (June 4) that in March a staff member from Lampeter Medical Practice downloaded a database containing 8,000 patient details onto an unencrypted USB stick before posting it but it never arrived; the month previously (May 5) another USB stick, this time containing personal information on patients and staff at a secure hospital near Falkirk, was reportedly found lying defenseless in an Asda store car park.
The UK is not the only country struggling with insecure mobile devices as, also last month (May 14), The Department of Veterans Affairs in the US suffered another possible breach of private data as it reported that a thief had stolen an unencrypted laptop that held the social security numbers and other information of 616 veterans.
The study also found that 11% of the sample had experienced a breach recently.