Guess where your employees are most likely to lose their laptop. Home? Airport? Car?
Try the office.
A new survey of Global 2000 professionals suggests laptops are most likely to be lost or stolen at work. And 90% of those missing devices contain confidential business information, such as sensitive e-mails, network passwords and proprietary documents. Add in that 82% are never recovered, and you've got a lot of corporate secrets circulating in the open.
"Everyone knows to guard their devices when they're traveling, but the results we found about the office were quite shocking," said Bob Heard, CEO of CREDANT Technologies, a security software provider that conducted the survey this summer. Some 16,700 professionals were invited to participate and, among the 456 that responded, 283 of them qualified. The results outlined in the report are based on those that qualified.
Some other key findings include:
- The office ranked first is places where laptops disappeared, accounting for 29% of answers. Cars ranked second with 25% and airports were third at 14%.
- Almost 75% of missing laptops didn't meet encryption data requirements mandated by California SB 1386 and other states' breach notification laws, as well as data privacy regulations like HIPAA.
- It took at least five days for almost all respondents to have their laptops and all the applications and data replaced, resulting in lost productivity.
- In 70% of the cases, the employees were merely issued new laptops. Only 14% were reprimanded.
- Only 56% reported the theft or loss to police. Even fewer, 39%, told the insurance company.
"Most concerning is that the two most likely places laptops were lost or stolen was while respondents were going about their everyday business," the report on corporate exposure stated. "When looking at how the respondents commented on their stolen laptop, many mentioned the physical security of the device but no one mentioned the information security of the device. In most circumstances, the information value contained on the laptop far outweighs the hardware/software value."
Most likely to be exposure risks were e-mails (87%), confidential business information (67%) and confidential personal information (26%). That was followed closely by stored passwords used to connect to a corporate network. In addition, nearly three-quarters of the missing devices were secured only by a password. Another 21% didn't even have that minimum security. Only 18% used full-disk or partial encryption.
Among the more interesting comments in the survey were those who reported their stolen laptops had been physically secured with lock and cable and even Super glue.