IT Specialists at Risk Transmitting Unsecure Mobile Data: Report
A study by Origin Storage, a secure storage specialist, has revealed that 41 percent of what should be a security-savvy audience are carrying sensitive information on mobile devices unprotected. In fact, 19 percent revealed that their organization had suffered a data breach following the loss of a portable device (i.e., laptop, USB, CD) with 54 percent confessing the device had not been encrypted—an offense under the Data Protection Act and subject to regulatory action by the ICO, were it made aware.
With 70 percent of organizations making data encryption mandatory, 11 percent of those respondents carrying sensitive information unprotected are actually breaching their organization’s data protection efforts, while the other 30 percent are simply following their organization’s woefully inadequate example. Digging a little deeper, the study, conducted amongst IT security professionals at this year’s Infosecurity Europe show, found that 37 percent of respondents confessed that between 81 and 100 percent of all sensitive data stored on their device(s) is actually left unprotected—so not just one or two documents transferred in a hurry.
Andy Cordial, Origin’s managing director, said that when you consider the level of knowledge this audience is assumed to have, working in IT and having some form of security remit, and yet the lax protection used for sensitive data, it’s hardly surprising that data breaches are increasing in frequency and, especially recently, in size. "I’m astounded that 30 percent of organizations are still oblivious to the Data Protection Act and the recommendation from the Information Commissioner that encryption be used to protect sensitive information," he said.
The problem of sensitive data isn’t restricted to any particular device: 67 percent use laptops, 52 percent use USBs, 33 percent still rely on CDs, and 52 percent use another form of portable storage device. A final startling revelation is that just 36 percent of visitors felt that FIPS certification is "a must" for encryption technology.
"The ICO recommends any solution should meet FIPS 140-2, yet 31 percent of our sample flippantly state that it ‘doesn’t matter.’ Certification is the only ‘proof’ that the product actually does what the company ‘claim’ it does. It’s not just me saying this because our products have the certification as there have been incidences where products have fundamental design problems, or even companies that have made false claims," Cordial said. "My advice—don’t leave security to chance. Lock it down with something that’s actually proven to work or there is a strong possibility you’ll be crying over spilled data."