How to avoid becoming the next data loss headline

Stephen Midgley, Senior Director, Absolute Software, explains how organisations can take steps to prevent their data falling into the wrong hands even after one of their mobile devices goes missing…

Stories on data loss are hitting the headlines on a daily basis. Despite most of the laptops involved having security precautions such as passwords and encryption in place, there is still a lot of fear as to how the data they contain might be used and what the consequences could be.

The data contained on a laptop is likely to be worth considerably more than the actual device itself. For example, according to a Data Loss Survey by McAfee and Datamonitor, the average laptop holds content valued at £550,000, and some could store as much as £5 million in commercially sensitive data and intellectual property.

The repercussions of data breaches are plain for all to see. The UK Government has recently had to admit to a number of embarrassing incidents, including the HMRC losing the personal details of 25 million UK families and the MoD admitting to the loss of details of 600,000 forces applicants. Not only do these incidents cause great concern as to what could happen to this information, but they also damage the reputation of the organisations involved.

Managing your assets
If your company is like most organisations, then the likelihood is that your computer population is expanding rapidly. As organisations open up their networks to mobile workers and contractors, they expose themselves to greater security risks.
The biggest security challenge that organisations face when it comes to preventing data loss and security breaches is to understand exactly what data and devices they have and need to secure.

Organisations need to take responsibility for the data on their mobile devices as the information can often be about customers or partners, so the consequences of a breach are far wider than the organisation itself. To take responsibility there needs to be policy and traceability.

Asset management is the key. Someone within the organisation needs to keep track of who has a device and where it is. This is particularly important if a laptop is lost and the sensitive data it contains needs to be wiped.

Encryption is not enough
In addition to tracking your assets, it is also important to ensure that your sensitive data is adequately protected. However, some organisations are under the misguided belief that encryption is all they need to protect their data. Although data encryption solutions are powerful tools, they are a lot like prison walls: they prevent most data breaches, but are powerless to stop a criminal in possession of the keys to the gates. A disgruntled employee with access to passwords can easily obtain and abuse confidential information.

Organisations that do not have a method for preventing internal theft, or recovering lost or stolen devices, leave themselves vulnerable to having critical information compromised. Encryption is also powerless to protect hardware from theft and does nothing to help police track down lost or stolen devices. It also doesn’t provide organisations with the confidence that stolen data will not be compromised.

Prevention better than cure
In today’s increasingly mobile workplace, security of mobile devices such as laptop computers is essential. It is very easy to mislay your mobile device while on the move and according to a recent survey by the Ponemon Institute, up to 900 laptop computers are either lost or stolen at Heathrow Airport each week.

It is important that businesses have adequate levels of security in place to help protect them against loss or theft. It is equally important that their employees understand what the company’s security policy is and how to comply with it.

Some very obvious and simple steps can be taken to secure both the data and laptops. These range from the obvious (not leaving laptops unattended), through the tactical (installing anti-virus software and firewalls), to the strategic (implementing asset tracking and recovery software to track and recover lost or stolen computers, and remotely delete sensitive data).

It is incredibly difficult to ensure that security policies and processes are adhered to by every single member of staff. Many of the recent high profile data loss incidents have been caused either by unauthorised staff making the wrong decisions or by negligence.

However, a lost or stolen laptop doesn’t need to be a complete catastrophe and it is still possible to prevent sensitive data falling into the wrong hands. But businesses need to prepare for the worst case scenario and have a robust plan in place should one of their mobile devices go missing.

Theft protection
The implementation of asset tracking and recovery software is becoming more and more necessary for any organisation that holds highly sensitive information on its laptops.

Asset tracking and recovery software enables a lost or stolen laptop to be tracked to its location and remotely cleansed of any sensitive or confidential data it may contain. The ability to remotely delete sensitive data on a stolen laptop reduces the likelihood of any unscrupulous activity taking place and will act as an insurance policy against data loss. Had any of the organisations behind some of the recent high profile data loss stories deployed this software on their mobile assets, they could have avoided becoming ‘a headline’ for all the wrong reasons.

Ultimately, the deployment of a robust, multi-layered security solution that incorporates encryption and addresses regulatory compliance, data protection, computer theft and asset tracking should be a ‘must’ for any organisation that holds sensitive information on its mobile devices.


1 Ponemon Institute, Airport Insecurity: the case of lost laptops, 2008

Absolute Software is exhibiting at Infosecurity Europe 2009, the No. 1 industry event in Europe held on 28th – 30th April in its new venue Earl’s Court, London. The event provides an unrivalled free education programme, exhibitors showcasing new and emerging technologies and offering practical and professional expertise. For further information please visit www.infosec.co.uk

Source: Infosecurity PR