Security requires cultural change

When was the last time you used a password? Probably this morning when you logged on. Now think about the last time you left your laptop unattended. Probably during this mornings catch-up meeting or during an offsite conference breakout session.

The risk
Business travellers in the US and Europe lose a staggering 15,648 laptops per week, according to a study issued Dell. 900 are estimated to be lost each week at Heathrow alone.

Worryingly, the survey by Ponemon Institute found a high number of travellers who took no steps to protect or secure the information contained on their laptops.

British travellers admitted that 59% of them did not take steps to protect the confidential information contained on their laptops, 71% of Spanish travellers. 50% of trusting US travellers said that they left their laptop computers under the watchful eye of a fellow passenger, 42% of UK travellers did the same

We commissioned our own IDC study of SMEs in 2007. It showed that the cost is not just restricted to replacing the lost laptop, 49% of SMEs take two to four days to replace a laptop, causing huge disruption. Approximately 17% of the total cost to the business is attributed to lost man hours. On top of this there are not insignificant fines. In 2007 Spanish authorities issued fines following data breaches totalling €19 million.

Data loss is an issue that organisations have battled with for many years. We invented the K Slot and Kensington Lock in 1992 and more than 10 years later, in 2003, the BBC reported that one in 17 public sector workers said that they had either lost or had their laptop stolen.

Now as laptops have penetrated all areas of the workplace it is clear that organisations are more at risk than ever before.

Policies and enforcement

In the past valuable data was protected behind the closed doors of the server room and the PC was safely tucked away in the office. Today there is a large mobile workforce armed with mobile devices storing valuable business information.

Organisations can no longer afford to be complacent about the physical security of their laptop computers. If you enforce a cohesive approach to information security – incorporating both physical and network security measures – you will save your business time, money and avoid potentially damaging embarrassment.

Mangers want to minimise the time and energy spent policing their direct reports and focus on the business of the day. That’s why it’s important to make the right investments that will help prevent laptop theft and data loss

Cultural shift

All organisations have data protection policies and procedures to protect the security of the data for which they are responsible. Remember that data has been entrusted to an organisation by its customers. Unfortunately, this data is only as secure as the devices on which it is stored and the mindset of its owner. Whilst organisations need to be comfortable with their level of network security they and their employees must recognise that this protection only protects data stored on a network.

No matter where data is lost or stolen from, the consequences are the same. The customer will hold the organisation to account. By incorporating the use and management of mobile devices into company data management policies and increasing the awareness and appreciation of the impact of data loss amongst their mobile workforce, they can take steps towards reducing the risk of theft.

Our message is that the first line of defence is not the password but the lock. The organisations that safeguard their data most effectively are those that do more than simply issuing a lock to their staff. Security is only effective when it’s addressed by management of technology together with people and procedures.

George Foot is Sales & Marketing Director Kensington Europe. Kensington is the world’s number one selling notebook lock manufacturer and inventor of the industry standard K-slot.