A study by Origin Storage, a secure storage specialist, has
revealed that 41 percent of what should be a security-savvy audience are
carrying sensitive information on mobile devices unprotected. In fact, 19
percent revealed that their organization had suffered a data breach following
the loss of a portable device (i.e., laptop, USB, CD) with 54 percent
confessing the device had not been encrypted—an offense under the Data
Protection Act and subject to regulatory action by the ICO, were it made aware.
With 70 percent of organizations making data encryption
mandatory, 11 percent of those respondents carrying sensitive information
unprotected are actually breaching their organization’s data protection efforts
while the other 30 percent are simply following their organizations woefully
inadequate example. When digging a little deeper, the study, amongst IT
security professionals at this year's Infosecurity Europe show, found that 37
percent of respondents confessed that between 81 and 100 percent of all sensitive
data stored on their device(s) is actually left unprotected—so not just one or
two documents transferred in a hurry.
Andy Cordial, Origin’s managing director, said when you
consider the level of knowledge this audience is assumed to have, working in IT
and having some form of security remit, and yet the lax protection used for
sensitive data, it’s hardly surprising data breaches are increasing in
frequency and especially recently in size. “I’m astounded that 30 percent of
organizations are still oblivious to the Data Protection Act and the
recommendation from the Information Commissioner that encryption be used to
protect sensitive information,” he said.
The problem of sensitive data isn’t restricted to any
particular device, as 67 percent use laptops, 52 percent use USBs, 33 percent
still rely on CDs with 52 percent use another form of portable storage device.
A final startling revelation is that just 36 percent of visitors felt that FIPS
certification is "a must" for encryption technology.
“The ICO recommends any solution should meet FIPS 140-2, yet
31 percent of our sample flippantly state that it ‘doesn’t matter.’
Certification is the only ‘proof’ that the product actually does what the
company ‘claim’ it does. It’s not just me saying this because our products have
the certification as there have been incidences where products have fundamental
design problems, or even companies that have made false claims,” Cordial said.
“My advice—don’t leave security to chance. Lock it down with something that’s
actually proven to work or there is a strong possibility you’ll be crying over
spilled data.”
