According to a survey organised by Credant Technologies amongst licensed London taxi drivers, passengers leave around 10,000 mobile phones a month in the back of taxis (which equates to one every two months per taxi), and more than 1,000 other handheld devices, including iPods, laptops and memory sticks. Statistically, a London taxi cab is good place to lose your mobile device, as 80 per cent of taxi drivers managed to reunite passengers with their lost property; however, with the party season fast approaching, and more data carried about our person than ever before, organisations should ensure that all commercially sensitive data and information is protected by enforceable corporate policies and procedures.
Despite claims, business leaders are failing to prioritise information security
According to the 2008 Information Security Breaches Survey a report commissioned by the UK governments Department for Business Enterprise & Regulatory Reform (BERR) 81 per cent of companies believe that that the executive management team gives a high or very high priority to information security. However, as only 11 per cent of large organisations have implemented an accredited Information Security Management System (such as BS 7799/ISO 27001), business leaders are simply paying lip service to this important aspect of corporate governance. This assertion appears to be supported by the fact that only half of the companies surveyed in Greater London considered their senior management had a very clear understanding of information security issues.
Were only human, so losing a memory stick, a mobile phone or a laptop is inevitable. This being the case, we should all consider the ramifications of this happening sooner or later. Indeed, as it might not be a business device we lose, we should all consider the personal consequences, such as identity theft, of losing a phone with personal data on it.
According to the 2008 BERR survey, 67 per cent of organisations do nothing to prevent confidential data leaving the confines of the corporate network on USB sticks. This means that most organisations have no idea how much of their commercially sensitive data is residing on unmanaged devices, and it therefore follows that they have little or no sense of the business risk if this data were to be lost or stolen.
Some organisations I have spoken to recently are seriously contemplating a strict ban on the practice of taking corporate data off site, either on mobile devices or via removable media; but for most organisations this is not a practical measure, and so we must turn to data leakage prevention (DLP) products.
Data leakage prevention offerings can provide a low-cost solution
DLP offerings help organisations guard against corporate data loss, and help mitigate business risk by enforcing corporate information security policies that relate to industry, regulatory and governmental data-security standards. Protecting data egress points, such as laptops and desktop PCs, need not be expensive with DLP products (around £20 per computer), and when supported by integrated management and auditing software, organisations quickly regain control of an important aspect of the business.
Sign up for CIO Asia eNewsletters.