Laptop encryption – prevention is better than a cure
26th November 2010
A survey of 130 UK public and private organisations by Check Point found that 52% of respondents do not use Laptop encryption to secure their devices.
A further 8% admitted they did not know if a laptop encryption was in use.
Nick Lowe, Check Point’s head of sales said, “all the data security surveys conducted by Check Point in the UK in the last three years have consistently revealed similar results. The use of laptop encryption on corporate devices has not grown, with less than 50% having data encryption deployed”.
The Information Commissioner’s Office (ICO) recently stated that over 800 data security breaches have been reported in the past two years. These breaches covered a variety of incident types the most common including data disclosed in error, lost data or hardware, and stolen data or hardware. Organisations including Yorkshire Building Society, DSGI and the NHS have been found to be in breach of the Data Protection Act and fined accordingly.
Although the risk of a hefty fine is a reality, the Check Point survey found that employees use personal devices for work in 55% of the organisations surveyed, yet 39% of the respondents said they had no formal process for deploying security to these devices.
CYFOR has had experience of dealing with the fallout from data breaches. On a number of occasions we have been able to prevent the reputation damaging email being sent to clients stating that their personal data could be in the public domain, however we firmly believe that prevention is better than cure. For one such client, laptop encryption on the employees laptop could have prevented loss of data and a large fine.
Our incident response service enables organisations to have a dedicated point of contact should they face a situation involving digital evidence. Using such a service ensures that evidence is secured and preserved for future investigation. Avoiding this situation, however, should be the priority with the implementation of an appropriate IT security strategy.