Endpoint
1/15/2009
04:27 PM

Misconceptions About Laptop Encryption May Put Data At Risk

Overconfidence in encryption's capabilities may cause workers to ignore best practices, Ponemon study says

Now that they have encryption capabilities on their laptops, many end users may be overconfident about the safety of the data that resides on them, according to a study published this week.

The laptop encryption study, conducted by Ponemon Institute and sponsored by security vendor Absolute Software, found that many workers think the data on their encrypted PCs is safe, but that their behavior on the road may continue to put that data at risk.

The survey of more than 1,500 individuals -- including approximately 700 IT security professionals and more than 800 non-IT workers -- indicates that users with laptop encryption are now in the majority, about 58 percent of the study sample. However, Ponemon says that non-IT workers may have developed misconceptions about the power of those encryption capabilities to protect their data.

For example, 61 percent of non-IT workers believe that encryption "prevents the theft of my information by cybercriminals," the study says. Sixty-six percent say they no longer worry about losing their laptops because the data is encrypted. Sixty percent agree that encryption "makes it unnecessary to use other security measures."

These misconceptions may cause employees to disregard other important security practices, Ponemon suggests. For example, 30 percent of non-IT workers say they frequently leave their laptops with strangers while traveling, while 28 percent say they frequently leave their computers alone in insecure locations. Sixty-nine percent say they never physically lock their computers to their desks, and 73 percent say they never use a privacy shield to protect their computer screens from prying eyes.

In addition, Ponemon says, many users are lax in their use of encryption technology. In the survey, some 56 percent of non-IT workers admitted to turning off the encryption capabilities on their laptops for some period of time. Twenty-eight percent admit to sharing their encryption passwords with others, and 36 percent say they remember their passwords with a paper document, such as a post-it note. Sixty-eight percent say they rarely, if ever, use complex passwords.

"We believe that the primary conclusion that can be drawn from this study is that business managers are either negligent in the protection of sensitive and confidential information on their laptops, or they may be overly dependent on encryption to keep this information secure," the study says.

"Encryption is an excellent security tool," the study observes. "However, if encryption is turned off, if passwords are shared, or if other risks are taken, organizations that utilize encryption technologies alone to ensure the security of confidential information may not be well-protected from the possibility of a data breach."

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ...
