Cyber Security Institute

Friday, September 14, 2007

Data Disconnect: Do You Know Where Your Mobile Devices Are Tonight?

The results from a recent study by the Ponemon Institute show that the majority of businesses don’t manage the protection of these devices very well.  One example: On August 7, financial services firm Merrill Lynch reported the theft of a laptop computer from its New Jersey corporate office—a laptop containing sensitive personal and financial information, including Social Security numbers, for 33,000 of its employees.  Such breaches of confidential information have become routine news for one simple reason: even companies with large budgets to guard the security of their networks often fail to protect data on devices that are disconnected from the network.  According to a Ponemon study, 73 percent of corporations surveyed experienced the loss or theft of a data-bearing asset in the last 24 months, yet those same organizations report limited efforts to manage this vulnerability.

“Our research shows that, while most companies (including financial institutions) recognize the risk off-network data poses, few seem to have a grasp on how to manage the many challenges off-network data present to maintaining a strong data security program, and many do not even have a policy to address the situation.”

62 percent of study respondents confirm or are unsure if their off-network equipment contains unprotected sensitive or confidential information; At same time, 39 percent do not view the management of off-network data bearing equipment a critical component to security; 70 percent of data breaches result from the loss of off-network equipment; and, 30 percent say they would never detect the loss or theft of confidential data from off-network equipment.

http://www.bankinfosecurity.com/articles.php?art_id=571