Security Firm BlockMaster ran a survey which found that users consider a number of (comparatively) trivial issues to be more concerning than the loss of removeable media.

For example, 58% of users stated that they considered a broken laptop to pose a greater financial risk than the loss of a USB stick containing sensitive information.

An astonishing 30% were more concerned about whether or not they would be snowed in overnight (just 29% rated the lost data as most important). Similarly 42% were more concerned about losing Christmas presents.

The results suggest that a lack of user awareness remains persistent, the decision that a broken laptop could be more costly suggests that users remain unaware of the potential £500,000 fine that could be levied against a company for losing customer data.

The business cost alone of sensitive information being lost could be substantial. If commercially sensitive information is mislaid, it could be used by a competitor to gain an unfair advantage.

Resolving the Issue

Clearly, further user training is required to raise awareness. Training, unfortunately, only forms part of the solution. Businesses need to implement and enforce a policy intended to protect this sensitive data;

• Mandatory full harddrive encryption on all portable systems (i.e. Laptops and PDA's)
• Prevent Personal Devices from being connected to the Corporate Network
• Ensure only encrypted removeable media (USB Sticks, CD's etc) may be used on all corporate machines

These steps will help to ensure that if data is lost, anyone finding the media is denied access to it. User training, however, is essential in ensuring that sensitive information is not e-mailed (or for that matter FTP'd) unencrypted.