Quantcast

Absolute and Ponemon Institute Study Shows Many Employees Undermine Traditional Data Breach Prevention Strategies

January 13, 2009
    Study finds 56% of U.S. business managers disable laptop encryption,
    increasing risk of data and identity theft

VANCOUVER, BC, and TRAVERSE CITY, MI, Jan. 13 /PRNewswire-FirstCall/ – Absolute(R) Software Corporation and the Ponemon Institute today announced the findings of a new study on the use of encryption on laptops by employees within corporations in the U.S. The study, “The Human Factor in Laptop Encryption: US Study,” revealed that more than half (56%) of business (non-IT) managers polled, disable the encryption solution on their laptops. Ninety-two percent of IT security practitioners report that someone in their organization has had a laptop lost or stolen and 71% report that it resulted in a data breach. Results indicate that it is employee behavior that undermines data protection efforts in corporate America. Companion studies of UK and Canadian companies are also available.

“The data suggests that, because of user behavior, encryption alone is not enough to protect mobile devices and the sensitive data stored on them,” said Dr. Larry Ponemon, chairman and founder of The Ponemon Institute. “These statistics are especially disconcerting when combined with our recent studies demonstrating that lost or stolen laptops are the number one cause of data loss, with 3 out of 4 companies experiencing a data breach when a laptop has been lost or stolen.”

The report shows that many business managers fail to take necessary precautions to secure their laptops, such as using additional security solutions, and instead are overly dependent on their encryption solutions to protect the sensitive data on their laptops.

    "The Human Factor in Laptop Encryption: U.S. Study" key findings include:

    -   92% of IT security practitioners report that someone in their
        organization has had a laptop lost or stolen and 71% report that it
        resulted in a data breach;
    -   56% of business managers have disengaged their laptop's encryption;
    -   Only 45% of IT security practitioners report that their organization
        was able to prove the contents of missing laptops were encrypted;
    -   Only 52% of business managers - employees most likely to have access
        to the most sensitive data (personally identifiable information
        and/or intellectual property) - have employer-provided encryption;
    -   57% of business managers either keep a written record of their
        encryption password, or share it with others in case they forget it;
    -   61% of business managers share their passwords, compared to only 4%
        of IT managers; and,
    -   Business managers are much more likely than IT security practitioners
        to believe encryption makes it unnecessary to use other security
        measures for laptop protection.

In the event of a theft, companies relying solely on encryption cannot be sure whether all stored data on a laptop has been encrypted, if it has been compromised, or even which files have been accessed by thieves. This can leave corporations with gaping holes in their security efforts, and risk exposing the company, employees, customers and consumers to data and identity theft. To help solve security risks that encryption alone cannot adequately address, companies can employ a security solution that can locate a stolen or lost laptop, detect which data has been accessed, and remotely delete sensitive data.

“This research highlights what Absolute has long-emphasized: while encryption technology provides a high-degree of data protection, it must be complemented by additional security layers that are not dependent on the diligent behavior of corporate employees,” John Livingston, chairman and CEO of Absolute Software said. “If I were tasked with data security, I would read this study in detail and immediately assess my company’s data protection strategy, especially if I was reliant solely on encryption. Corporations may incorrectly assume that since it is company policy to encrypt mobile data, they are not at risk for a data breach. With more than half of business managers disabling their encryption solutions, companies are left incredibly vulnerable to theft and data loss if they do not utilize additional layers of security, such as those offered by Absolute.”

Highlights and the complete reports for “The Human Factor in Laptop Encryption” studies for the U.S., U.K. and Canada can be found at: www.absolute.com/humanfactor.

For more information on Absolute Software and its range of computer theft recovery, data protection and IT asset management solutions, please visit: www.absolute.com or www.lojackforlaptops.com.

For a complete list of firmware-supported computers visit www.absolute.com/firmware

About the Ponemon Institute

The Ponemon Institute(C) is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.

About Absolute Software

Absolute Software Corporation (TSX: ABT) is the leader in computer theft recovery, data protection and Secure Asset Tracking(R) solutions. Absolute Software provides organizations and consumers with solutions in the areas of regulatory compliance, data protection and theft recovery. The Company’s Computrace(R) software is embedded in the firmware of computers by global leaders, including Dell, Fujitsu, General Dynamics Itronix, HP, Lenovo, Motion, Panasonic and Toshiba, and the Company has reselling partnerships with these OEMs and others, including Apple. For more information about Absolute Software and Computrace, visit www.absolute.com and http://blog.absolute.com.

Forward-Looking Statements

This press release contains forward-looking statements that involve risks and uncertainties. These forward-looking statements relate to, among other things, the expected performance of our services and products, the effectiveness of particular computer security technologies, and other statements of intentions and plans contained in this press release that are not historical fact. When used in this press release, the words “plan,” “expect,” “believe,” and similar expressions generally identify forward-looking statements. These statements reflect our current expectations. They are subject to a number of risks and uncertainties, including, but not limited to, changes in technology and general market conditions. In light of the many risks and uncertainties you should understand that we cannot assure you that the forward-looking statements contained in this press release will be realized. Previous successes, timeliness or performance levels of Absolute’s products and services do not guarantee future successes, timeliness or performance levels. Any statistics or studies referenced herein are not predictors of future trends.

(C)2009 Absolute Software Corporation. All rights reserved. Computrace, Secure Asset Tracking and Absolute are registered trademarks of Absolute Software Corporation. LoJack is a registered trademark of LoJack Corporation, used under license by Absolute Software Corporation. LoJack Corporation is not responsible for any content herein. All other trademarks are property of their respective owners. Computrace U.S. patents # 5,715,174, # 5,764,892, # 5,802,280, # 5,896,497, # 6,244,758, # 6,269,392, # 6,300,863, and # 6,507,914. Canadian patents # 2,284,806 and # 2,205,370. U.K. patents # EP793823 and # GB2338101. German patent # 695 125 34.6-08. Australian patent # 699045. Japanese patent # JP4067035. The Toronto Stock Exchange has neither approved nor disapproved of the information contained in this news release.

SOURCE Absolute Software Corporation


Source: newswire



comments powered by Disqus