Get a Seatbelt for Your Laptop
By Bob Heard, CREDANT Technologies
It wasn’t all that long ago that cars were not required to be equipped with seatbelts. Fortunately for us, the government stepped in and regulated safety standards for all new vehicles, thereby saving millions of lives each year.
It was an even shorter time ago that organizations did not believe that it was necessary to protect data stored on laptops, handhelds and portable storage devices. And while the government has stepped in and put several new data privacy regulatory measures into place—California SB1386 and HIPAA come to mind—are companies doing enough to truly protect their employees and customers?
Some research suggests not. Even with regulatory acts in place, Gartner estimates that 90 percent of personal mobile devices have inadequate security to protect against even common situations, such as being left in the backseat of a car. As a result of such incidents, a recent study conducted by the Ponemon Institute revealed that about one in nine adults received a letter in the mail this past year informing them that, due to a data breach, their personal information had been lost or stolen.
This number is excruciatingly high when you consider that companies are required to have reasonable protection for customer information. So, if companies are federally ordered to protect customer information, how is it that so many people are still falling victim to lost information?
Who is Accessing Your Network?
Personal mobile devices have become all too commonplace in today’s workplace. BlackBerrys, iPAQs, Treos, laptops, thumb drives and even iPods are all finding their way into offices and data is being synchronized to them. Take employee John Doe for example. When he brings his Treo into the office, he immediately synchronizes all of his sensitive e-mails; say he then leaves the device in the backseat of a cab—your company never knows that sensitive corporate and customer information is out for anyone to find. This also begs the question …
What Other Information is on Mobile Devices?
John Doe synchronized company e-mail to his device, but that’s not the only information making its way onto mobile devices. A recent study we conducted showed that 67 percent of people who had a lost or stolen laptop stored confidential business information on the device. Another 26 percent reported storing confidential personal information, such as social security numbers and credit card information, while an additional 25 percent reported storing passwords used to connect to the corporate network.
Perhaps the most disturbing figure is that 14 percent of those with lost or stolen laptops reported storing information governed by regulations, including patient information, customer or client social security numbers and other private data.
And these figures only apply to lost or stolen laptops. When you consider that this same information is making its way onto other handheld mobile devices—even thumb drives and iPods—it reveals that keeping company and customer information private is going to take a little more than just a handful of regulatory acts.
An Integral Roll Bar for Your Treo
Back in the early 70s, when automobile safety was just a matter of regulatory compliance, one automaker stood out. While all the other manufacturers were fulfilling their regulatory obligations, Volvo had a vision. Instead of waiting for the government to mandate safety features, they implemented front and rear airbags, ABS and an integral roll bar. Today, every corporation has the opportunity to be like Volvo and differentiate themselves in terms of customer safety.
Just as Volvo used cutting-edge technology to not only meet its regulatory obligations, but to increase customer safety as well, technology exists that allows companies to bring an added amount of security to customer information stored on personal and corporate mobile devices.
Access control and encryption technology for mobile devices is not new, but many organizations have yet to take advantage of these tools. And while access controls and encryption technology are the best strategy for protecting information once it is on a mobile device, many companies opt to not employ any sort of prevention strategy.
Companies should take the initiative and incorporate technology that automatically detects and protects new “Christmas or birthday gifts” that are brought into the workplace and now have company e-mail and other data synchronized to them. Without security, should a device be stolen or lost, the company’s information is easily out there for anyone to find—a Good Samaritan, an identity thief or even your competition. Employers need to take the initiative and establish security policies that can be automatically enforced on the mobile device to protect the data that is transferred to these personal devices.
And while the combination of access control and encryption may seem like enough for corporations to protect themselves, perhaps nothing is as important as educating employees. A company’s workforce needs to understand the risks of failing to meet regulatory compliance and why it is important to protect both corporate and personal mobile devices. Educated employees are more likely to take security measures seriously to protect themselves and their clients.
Protecting the privacy of company and customer information is no longer just a matter of regulatory compliance. It’s a matter of differentiating your company’s security measures from everyone else’s and providing the best protection for your customers. It’s time to buckle those seat belts, hit the proverbial gas pedal and start using technology to better protect the information stored on today’s mobile devices. After all, the roll bar worked for the auto industry. Make it work for yours.
Bob Heard is the CEO and Founder of CREDANT Technologies. CREDANT is headquartered in Dallas, Texas. Heard can be contacted at .