By Max Clarke
41% of what should be a security savvy audience are carrying sensitive information on unprotected mobile devices, a survey of IT professionals carried out by UK based Origin Storage has revealed.
An alarming 19% of IT professionals revealed that their organisation had suffered a data breach following the loss of a flash drive or smartphone, with 54% confessing the device had not been encrypted - itself an offence under the Data Protection Act.
“When you consider the level of knowledge this audience is assumed to have, working in IT and having some form of security remit,” said Andy Cordial, Origin’s managing director, “yet the lax protection used for sensitive data, it’s hardly surprising data breaches are increasing in frequency and especially recently in size. I’m astounded that 30 percent of organisations are still oblivious to the Data Protection Act and the recommendation from the Information Commissioner that encryption be used to protect sensitive information.”
With 70% of organisations making data encryption mandatory, 11% of those respondents carrying sensitive information unprotected are actually breaching their organisation’s data protection efforts while the other 30 percent are simply following their organisations woefully inadequate example. When digging a little deeper the study, amongst IT security professionals at this year’s Infosecurity Europe show, uncovered a staggering 37% of respondents who confessed that between 81 and 100% of all sensitive data stored on their devices was actually left unprotected — so not just one or two documents transferred in a hurry.
Andy concludes, “The ICO recommends any solution should meet FIPS 140-2 yet 31 percent of our sample flippantly state that it ‘doesn’t matter’. Certification is the only ‘proof’ that the product actually does what the company ‘claim’ it does. It’s not just me saying this because our products have the certification as there have been incidences where products have fundamental design problems, or even companies that have made false claims. My advice — don’t leave security to chance. Lock it down with something that’s actually proven to work or there is a strong possibility you’ll be crying over spilled data.”