Organizations often are not able to prove data on lost or stolen computers was encrypted.
Encryption is one of the most important security tools in the defense of information assets. Ponemon Institute has conducted numerous studies on organizations’ use of encryption to prevent the loss of sensitive and confidential information. These studies have shown that encryption can be an effective deterrent. However, our studies also show that in order to be effective, encryption requires organizations and users to take appropriate steps to make sure sensitive and confidential information is protected as much as possible.
The Human Factor in Laptop Encryption to understand employees’ perceptions about ensuring that information assets entrusted to their care are effectively managed in encryption environments, especially the use of whole disk encryption on laptop computers. The study also was conducted in the United States and Canada. The results are published in separate reports.
What we learned is that a high percentage of employees we surveyed in business functions (referred to as business managers in this report) are not taking such precautionary steps as using complex passwords, not sharing passwords, using a privacy screen shield, keeping their laptop physically safe when traveling or locking their laptops to their desks to protect sensitive and confidential data. Further, many respondents believe that encrypted solutions make it unnecessary to take other security measures.
In contrast, their colleagues in IT and IT security functions (referred to as IT security practitioners in this report) are diligent in taking all or most precautionary steps to safeguard the sensitive and confidential information on their laptops. They believe encryption is an important security tool, but believe it is critical to follow certain procedures to ensure that data is protected if a laptop is lost or stolen. Info delivered by Dr. Larry Ponemon
The above chart also shows that 50% of business managers report that someone in their organization had their laptop lost or stolen and 26% say it resulted in a data breach. Only 18% report that the organization was able to prove that the contents of the laptop were encrypted.
There is more confidence among IT security practitioners in the ability of encryption to protect the sensitive and confidential information that resides on their laptops. Ponemon Institute conducted this study sponsored by Absolute Software.
Posts
