Why are laptops still leaking data?

/ Security
Last updated on April 16th, 2020

IT security - Why are laptops still leaking data?

We constantly see a lot of information in the media relating to some kind of lost company data. The risk and dangers of data going astray has been called time and time again over the past 10+ years. The whole of the business world knows about it, talks about it for a week or so, and then forgets again.

It seems that everyone thinks ‘I need to deal with our data security’, time passes on and they the necessity of a decent data backup plan, data encryption system, device encryption, data leakage prevention, system auditing, internet controls, e.t.c. somehow slips from their mind. The risk doesn’t cause the responsible person immediate pain so it gets pushed to the back burner. Or gets put on the to-do list at some point, stays there for a while, and then drops off.

Shockingly, people still say to me ‘our data isn’t really of any interest to anyone’. This is frustrating because I’m sure the customer database, financials, pricing and strategy plans would be very interesting for the competition. Alternatively, someone could use the data on a stolen laptop to seriously damage an organisation or, at the very least, the owner of that laptop.

It does beggar belief how these issues keep happening, even though the risks are old ones. A company will be paranoid in about securing their physical premises, but they still won’t secure their company and customer data effectively.

A few points to sharpen your mind:

1. Encryption

I’m relatively confident that if you were to lose an unencrypted laptop, you would suffer a breach of your whole company security. Or, someone could extract a whole host of useful or damaging information with relative ease. There are a wealth of endpoint encryption products on the market to protect your systems.

2. Mobile devices

The rise of the mobile device, such as the windows based mobile and Blackberry is huge and still growing rapidly. It’s essentially a neat little package full of confidential information, which can easily be lost or stolen. You should set up remote wiping where possible. Then if someone loses a device, for example, you can wipe it remotely. However, this does not guarantee that someone would not be able to recover the data, so you should also encrypt the device.

3. Backups

Chances are that your backup data, in terms of disks or tapes are unencrypted. They do make a handy little package for taking all the company data in one swoop. Then often returned without anyone knowing it ever went missing. You should of course also be testing your backup and restore systems regularly.

4. Leakage

So much company data is lost through the email system, web applications, USB devices, CD-burners, etc. If an employee is leaving to join the competition, leaking information, setting up a rival company, most companies will never even realise the data has gone.

There are of course other holes and risks and it all depends on your environment/operations what they are. Although the areas in this article are common, businesses of types continue to overlook them. Assessing and addressing them will give you improved protection.

I would of course always advise regularly assessing and testing your security policy and controls as a matter of course. I found the ISO 27001 framework very useful for continual evaluation and control of risks. It’s obviously a big beast to undertake as it goes much further than data leakage but it’s a great way to get a true vision of your environment.

NEXT>> 10 ways to protect sensitive business data

/ Technical
10 quick things to consider when looking for a cloud solution

Making the leap to the cloud can be daunting but here are some things to ask a cloud provider and considerations to make that will make your future a little less uncertain. If the solution doesn’t interface with other vendors and solutions then think twice. Know your exit from your cloud service provider before you […]

/ Strategy
3 things that will make remote working a great success

The clocks have gone back, the mornings are darker and the evenings are drawing in, there’s no doubt about it – winter is making its arrival. With the UK being warned to brace itself for some of the harshest, snowiest winter weather in years it is time to consider how the wintry conditions could affect […]

/ Technical
Business continuity is not just about backups!

The number of businesses I speak to who don’t have a Business Continuity Plan (BCP) is horrendous. I usually get the stock reply of “but we do backups”. Creating backups is not preparing your business for all potential eventualities that could hinder, damage or destroy your business. Anyway, regarding backups – the problem is that […]