Lost laptop lunacy
Filed in archive risk by leon on August 22, 2006

But worse still, most companies are ignorant about what's actually on the missing hardware, according to the Confidential Data at Risk study conducted by the Ponemon Institute.
Nearly two out of three (64 per cent) admitted their companies had never conducted a data inventory to determine where employee and customer information was located, and half (49 per cent) admitted that business confidential information has never been inventoried. Questioned how long it would take to determine what kind of sensitive data was on the missing laptop, file server, desktop or mobile device, the most frequent answer was "never".
This is despite organisations claiming that the intellectual property most at risk included electronic spreadsheets, competitive intelligence and source code.
Sure, firms like Gartner offer tips to prevent data leaks.
But an encryption program is about as useful as a sixth finger if you don't know what to encrypt.
This is more than just stupid. It's legally irresponsible.
Sarbanes-Oxley requires CEOs and CFOs to attest to their companies having proper internal controls. If the systems maintaining financial data aren't demonstrably secure, then executives would have difficulty vouching for the validity of the data and the soundness of their internal controls.
In other words, data security is not a matter of "best practice". Lawyers would argue it's now a legal requirement.
So four out of five companies are losing laptops, and they don't even know what's on them? Sounds like they're asking for legal disaster.