Taken to the Cleaners?
The following news release popped up in my mailbox this morning:
London, 20 January 2010 - A survey released today reveals that in the last year, 4,500 memory sticks have been forgotten in people's pockets as they take their clothes to be washed at the local dry cleaners. From 6 April onwards if data is lost and it causes a major security breach, this could now cost a company up to £500k with new powers given to the Information Commissioner's Office (ICO) to fine companies who have not sufficiently protected customers' details under the Data Protection Act.
However, when compared with the same study twelve months ago, the number of these devices languishing forgotten in people's pockets has halved, and yet it's still a staggering number of possible data breaches and a potential money spinner for the ICO. However, the study sponsor, data security experts CREDANT Technologies, has a theory that this decline is likely to be a change in users' habits as opposed to a significant breakthrough in people's vigilance. In fact, its experience on the frontline of this battle is that users are now downloading information onto smartphones and netbooks, which have boomed in popularity in the last year, so although on the surface the decline looks promising, in reality the situation has just been spread across a multitude of other devices.
Sean Glynn, vice president and chief marketing officer at Credant Technologies said "Although this study shows a positive drop in the number of lost memory sticks we would urge users to take more care than ever not to download unprotected customer details and other sensitive information that if lost could lead to a security breach, especially now there are harsh fines afoot."
The survey was carried out in the UK to gauge the frequency and ease with which mobile devices, such as memory sticks, are lost or forgotten in strange places such as dry cleaners and should warn people across the globe to demonstrate prudence when downloading information to carry around with them as it does frequently get lost. In previous studies conducted by Credant Technologies amongst taxi drivers in London and New York, over 12,500 handheld devices such as laptops, iPods and memory sticks are forgotten at the back of taxis every 6 months!
Concluding, Glynn said "This survey is just one illustration of the stark truth that device losses are happening everywhere, every day, worldwide. Organisations want to leverage the business benefits of mobile computing and provide their employees the flexibility to work wherever and whenever they want to. However, this must be balanced with the requirement of protecting the organisations' data, especially to avoid penalties, such as that promised by the ICO, brand damage or even embarrassing press headlines. If sensitive or valuable data is being carried then people should protect it with encryption to prevent unauthorised access at any point - as it could easily end up in the wrong hands." [end]
It's easy enough to grin at this or say that it's a problem "over there." But I don't believe that Britons are inherently more careless than we are about leaving things in their pockets or in taxis. It's all too easy to do.
In the midst of our passionate love affair with mobility (Editorial note: Yes, I LOVE my netbook, although I have yet to succumb to the lure of the smart phone.), it's also easy to forget how vulnerable these devices really are. In our eagerness to have access to our work files at home, in boarding lounges, coffee houses, trains, cars, the check-out aisle at the QuikkieMart and the back pew in church, we tend to lose sight of the fact that our mobile connections are all too public in the strictest sense of the word; that is, "open to all persons" or "open to the view of all; existing or conducted in public."
Striking the right balance between security and convenience is tricky. I have a family member who works for a large global consulting firm where using a memory stick on a corporate computer is a firing offense. We may not want to go that far, but some restraint, or at least control, surely has to be part of the picture. Yes, encryption can be a pain (and it's not fool-proof), as is going to the office on a weekend because the files are resident on a computer there and nowhere else, but that--or chaining our portable devices to us so we don't forget them somewhere--seem to be the only solutions.
Next time someone from IT tells you you can't log on to a particular network remotely, you might remind yourself that he or she may not just be in the business of making your life hard, but of protecting you from yourself.