If you thought you’d been seeing a lot of stories about companies losing laptops containing personal information, here’s why: more than 80 percent of companies have lost a laptop with “sensitive data” on it in the past year, according to a new survey discussed by TechDirt:
“The biggest problem, according to the company behind the survey, is that firms don’t keep track of where personal and other sensitive data is kept, which would seem to evoke the old saying that you should never attribute to malice what can be explained by incompetence.
The most obvious solution would appear to be for companies to figure out exactly where all this data is living, and come up with some rules limiting employees’ access to it and preventing them from carrying it around unless it’s absolutely necessary. As an added benefit, the mere existence of such a policy, even if it isn’t enforced, or soundly written can be enough to get a company off the hook should they leak personal data – just another way companies are being motivated to really take these things seriously.
So many of these instances, at least the ones that come to light, aren’t taken seriously because the leaked data never gets used, with many companies not taking any proactive steps to secure their data, banking on a variation of security via obscurity that’s more like security-via-can’t-be-bothered. But with people advertising the value of leaked data, security policies founded on thieves’ ignorance can’t be effective much longer.”