Ponemon Studies Off-Network Devices
Ponemon Institute examines security risk posed by off-network, data-bearing equipment
TRAVERSE CITY, Mich. and COLUMBUS, Ohio -- On August 7, financial services firm Merrill Lynch reported the theft of a laptop computer from its New Jersey corporate office, a computer containing sensitive personal and financial information, including Social Security numbers, for 33,000 of its employees. Such breaches of confidential information have become routine news for one simple reason: though sparing no expense to guard the security of their networks, corporations often fail to protect data on devices that are disconnected from the network.
According to a new study by the Ponemon Institute, 73 percent of corporations experienced the loss or theft of a data-bearing asset in the last 24 months, yet those same organizations report limited efforts to manage this vulnerability. The new Ponemon report, National Survey: The Insecurity of Off-Network Security, will be discussed in detail today by study author Dr. Larry Ponemon, founder and chairman, Ponemon Institute, and study sponsor, Robert Houghton, president, Redemtech, during the Privacy Symposium at Harvard University.
Among the National Survey: The Insecurity of Off-Network Security's significant results:
62 percent of study respondents confirm or are unsure if their off-network equipment contains unprotected sensitive or confidential information;
Yet 39 percent do not view the management of off-network data-bearing equipment as a critical component of security;
70 percent of data breaches result from the loss of off-network equipment; and,
30 percent say they would never detect the loss or theft of confidential data from off-network equipment.
"Protecting data that is stored on devices outside the confines and control of the corporate network is a problem for which many companies simply do not have a solution," Ponemon said. "Our research shows that, while most companies recognize the risk off-network data poses, few seem to have a grasp on how to manage the many challenges off-network data present to maintaining a strong data security program, and many do not even have a policy to address the situation."
Ponemon Institute LLC