Powered By InformationWeek Business Technology Network
 
Welcome Guest. | Log In| Register | Membership Benefits
  • Email this page E-mail this page
  • |  Print Print this page
  • |   Bookmark and Share

Misconceptions About Laptop Encryption May Put Data At Risk

Overconfidence in encryption's capabilities may cause workers to ignore best practices, Ponemon study says

Jan 15, 2009 | 02:27 PM

By Tim Wilson
DarkReading

Now that they have encryption capabilities on their laptops, many end users may be overconfident about the safety of the data that resides on them, according to a study published this week.

The laptop encryption study, conducted by Ponemon Institute and sponsored by security vendor Absolute Software, found that many workers think the data on their encrypted PCs is safe, but that their behavior on the road may continue to put that data at risk.

The survey of more than 1,500 individuals -- including approximately 700 IT security professionals and more than 800 non-IT workers -- indicates that users with laptop encryption are now in the majority, about 58 percent of the study sample. However, Ponemon says that non-IT workers may have developed misconceptions about the power of those encryption capabilities to protect their data.

For example, 61 percent of non-IT workers believe that encryption "prevents the theft of my information by cybercriminals," the study says. Sixty-six percent say they no longer worry about losing their laptops because the data is encrypted. Sixty percent agree that encryption "makes it unnecessary to use other security measures."

These misconceptions may cause employees to disregard other important security practices, Ponemon suggests. For example, 30 percent of non-IT workers say they frequently leave their laptops with strangers while traveling, while 28 percent say they frequently leave their computers alone in insecure locations. Sixty-nine percent say they never physically lock their computers to their desks, and 73 percent say they never use a privacy shield to protect their computer screens from prying eyes.

In addition, Ponemon says, many users are lax in their use of encryption technology. In the survey, some 56 percent of non-IT workers admitted to turning off the encryption capabilities on their laptops for some period of time. Twenty-eight percent admit to sharing their encryption passwords with others, and 36 percent say they remember their passwords with a paper document, such as a post-it note. Sixty-eight percent say they rarely, if ever, use complex passwords.

"We believe that the primary conclusion that can be drawn from this study is that business managers are either negligent in the protection of sensitive and confidential information on their laptops, or they may be overly dependent on encryption to keep this information secure," the study says.

"Encryption is an excellent security tool," the study observes. "However, if encryption is turned off, if passwords are shared, or if other risks are taken, organizations that utilize encryption technologies alone to ensure the security of confidential information may not be well-protected from the possibility of a data breach."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message


Subscribe to RSS



Insider Threat Reports

report Inside Out: Protecting Your Partnerships -- and Your Data
Today's businesses depend on e-commerce among partners, but allowing third parties to access internal networks may endanger your data. How can IT security pros ensure that contractors, supplies and others get the access they need -- without becoming threats? This report offers some answers.

report Rotten Apples: How To Detect And Stop Malicious Insiders In Your Organization
Most data leaks are unintentional - but in every enterprise, there are a few hard cases that defy this truism and threaten the very heart of your data.What can you do to stop these rotten apples from using their intimate knowledge of your organization - and its data access methods - to wreak havoc? This report offers a detailed look at how malicious insiders might attack your data, how they’re motivated, and what you can do to stop them.

report Understanding The Insider Threat
Think you know your trusted users? Think again. The availability of new Internet technologies and the pressures of a spiraling economy are changing the nature of the data breach, and your employees may have their fingers on the trigger. This report offers a look at the full spectrum of insider threats, and the risks associated with each.

report Well-Meaning Employees -- And How To Stop Them
The most dangerous threat to your data isn't hackers or criminal insiders: it's the well-meaning employee, whose missteps may lead to the unintentional leak of your most sensitive corporate data. Learn how employees accidentally expose sensitive information, and how you can keep those good intentions from paving the road to your company's ruin.