Humans Continue To Be "Weak Link" In Data Security
ChiefMonkeyGrinder writes "Nearly 90 percent of IT workers in the UK have said a laptop in their organization has been reported lost or stolen, new research has found. Sixty-one percent said that this then resulted in a data breach, according to the '2010 Human Factor in Laptop Encryption Study: United Kingdom,' a report produced by the Ponemon Institute for Absolute Software."
Any procedure, any system, any protocol, anything fails 9 out of 10 times due to human error. Why we let these insecure parts remain a critical part in anything is beyond me.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Can't agree more. Encryption is such a basic and fundamental requirement that if you're security team isn't working on a way to encrypt your data now, they should have it already done.
A question that should be asked more though that it currently is, is why do you need this data on easily stolen device. For example, why do customer records need to be on a laptop, why is this confidential document on a USB stick?
In my work place, no one can transfer anything off our internal network via data transfer. USB sticks will not be detected by machines. There are no open ethernet cables so if you try to connect a laptop to the cable running into your machine, it wont work. If anyone wants anything taken from the network, they need to raise a request and then if its granted, they will get the data encrypted and placed on a USB stick or laptop of their choice. We have a record of where things were taken from, when they were, requested by whom, authorised by whom. Users may find it slightly inconvenient but our data is secure, controlled and even in the event on a lost laptop or USB stick, we know that its encrypted to a high standard
There is no -1 disagree
If IT departments really would care about password security, and insist on complex passwords AND not writing them down, they should start treating a forgotten password as something normal, and not a chance to ridicule that poor guy who forgot it again.
Whats worse for security? Resetting that poor guys password twice a week or have him trying to avoid is by using a post it under his keyboard?
bickerdyke