Being careless with a company laptop isn’t just about costing your employer a few hundred euro — it could mean a much bigger fallout if the information isn’t protected.
The sacking of a manager at Colchester University Hospital last week, following the theft of his work laptop from a car in June, goes to show how serious the consequences of being scatty with company mobile devices can be.
We’ve had similar cases closer to home: a laptop left at a bus stop, which had information on IDA Ireland companies; a computer memory stick containing information about a prisoner being found in a pub; and a laptop stolen from the Office of the Comptroller and Auditor General that contained information about 380,000 social welfare recipients.
Are we getting as forgetful about laptops as we are with umbrellas? Research by the Ponemon Institute on behalf of Dell has revealed that 4,000 laptops are lost or go missing in Europe’s major airports every week.
If the personal details of customers — such as their bank account numbers, date of birth or social security numbers — are lost, those people are at a higher risk of identity theft. Confidential company information in the wrong hands can mean loss of business, bad publicity and maybe worse.
According to Brian Honan, head of information technology security firm BH Consulting, it’s unfair to blame employees for data leakage if a company hasn’t educated them on how to handle sensitive information.
“Companies should have a data classification policy in place, so staff know what can be publicly disseminated and what needs to stay private,” he says.
“If in doubt about the sensitivity of a document, always check. You shouldn’t take responsibility for what can and cannot be made public. A lot of companies rely on employees’ best judgement, but this is not a good idea.”
He cites a case in the UK last year where a junior employee at HM Revenue & Customs sent a large amount of confidential information on CDs that went missing in transit.
Another important thing to be aware of with data protection is the danger of emailing files to your home account, Honan warns.
“It means company sensitive information is now residing on a personal computer, which may not have the same level of security as the company one. Last year information from a Japanese naval officer’s USB key was leaked because his wife used his peer-to-peer software on his laptop and 18,000 human resources records were lost.
“Sending an email to anybody, particularly over the internet is not secure. It’s like sending information on a postcard. If something sensitive has to be emailed, it should be encrypted.”
Encryption is less cumbersome than it was a few years ago and you can buy solutions to fit into an organisation’s infrastructure. However, Honan says tackling this problem is about more than just technology.
“You have to ask why a person has sensitive information on a laptop or USB key in the first place. Technology can help stop the problem, but a lot of it is down to processes and people.”
© Whitespace Ltd 2008