Unencrypted Laptops and Portable Storage: How to Determine If You Are at Risk

In the past, sensitive data was always stored in hard copy form in one centralized location. Loss of crucial information by organizations and individuals has become widespread due to the increased use of laptops and portable storage devices.

Organizations and individuals have had sensitive data exposed as a result of the information being stored in devices that are mobile and can easily be lost. The loss can be due to attacks by criminals with malicious intent or it can simply be caused by human forgetfulness. Additionally, portable storage has allowed data to be shared between computers and mobile devices which provide an easy opening for a malware infection to spread among the machines, as well as the networks where the data is being released.

How to Determine If You Are at Risk

Every organization has some kind of policy in place to secure sensitive information. However, with the increased use of technology, some organizations fail to employ active controls to ensure that technology such as laptops and portable storage contain some type of encryption for preventing the risk of exposing sensitive data.

To determine if you are at risk you should find out if the organization takes the following security measures:

  • Transfer of Confidential Data: Find out if the organization has a policy in place that covers the transfer of confidential information onto portable storage or laptops. There should be specific rules and regulations in place for this type of data transfer and data security.
  • Encryption: An organization that uses multiple portable devices such as laptops and mobile storage should have some type of encryption system installed within the devices.
  • Tracking System: The organization should have a system in place that tracks access to confidential information. The system should also be capable of identifying when inappropriate access has occurred.
  • IT Asset Disposal: When upgrading to new technology the organization should have an IT asset disposal policy in place, as well as a policy for wiping out data on portable storage devices that are being disposed of. Generally there is a standard protocol that organizations are required to follow with regard to IT asset disposal. Find out what the policies are and make sure they are following them.
  • Written Security Policy: There should be an established data security policy that outlines the guidelines for using laptops and portable storage devices. The policy should include rules that pertain to the encryption of data on laptops and portable storage devices. The policy should include who is authorized to use the portable devices, the type of data that can be stored on them, and where the portable devices can be used.
  • Notification Safeguards: There should also be a policy in place that requires notification to be provided to technical personnel when confidential data is transferred to portable storage devices or laptops. This policy encourages encryption for full disk and partial disk applications.
  • Decryption Methods: Encryption keys should be limited to a specific set of individuals and should not be an organization-wide policy. This includes strict enforcement of key sharing rules.
(0 Comments)
Log in or sign up to comment.

Post a comment

Log in or sign up to comment.
Identity theft comes in many forms.

A person\92s identity can be 'borrowed' for the purpose of creating fictional credit cards or a person\92s entire identity can be usurped to the point where they can have difficulty proving that they really are who they claim to be.

Up to 18% of identity theft victims take as long as four years to realize that their identity has been stolen.

There are many ways to protect your personal identity and many steps you can take to prevent your identity from being stolen:

*Never give out unnecessary personal information
*Never provide bank details or social security numbers over the Internet
*Always remain aware of who is standing behind you when you type in your personal credit codes at ATM machines and at supermarket checkout swipe machines.