“Managing Traveling Data - First Steps
Please fasten your seatbelts and return your seats and tray-tables to their upright positions. Oh yeah, and don’t forget your computer.
The Wall Street Journal recently reported that about 400,000 computer laptops are lost and unclaimed at the nation’s airports each year with that number increasing about 12,000 weekly. You don’t need a mathematician to figure out that this adds up to a lot of money. Still, the computer itself is only a small fraction of the total cost that is lost. In today’s information environment, it’s the data on the laptops that is the most important.
A recently released global security study on data loss found that employee behavior – intentional or not – poses a much more extensive threat to a company’s data security than outside hackers and viruses. The three-part study [hyperlink to white paper], commissioned by Cisco and conducted by InsightExpress, polled more than 2000 employees and information technology professionals in 10 countries.
Here are just a few of the findings:
- 33 percent of IT professionals were most concerned about data being lost or stolen through USB devices.
- 39 percent of IT professionals worldwide were more concerned about the threat from their own employees than the threat from outside hackers.
- 46 percent of employees admitted to transferring files between work and personal computers when working from home.
How important is company data?
“Critical, because company confidential data would be harmful if in the wrong hands,” said Harry Parks, director of Asia-Pacific sales for Dothill Systems Corporation, a California OEM data storage solutions company.
Failing to protect data can expose your company to legal and regulatory expenses, brand image perception problems, and loss of competitive advantages. Managers need to have a plan to protect company information on traveling laptops.
One of the first planning principles of data security and privacy is that it is an external and internal problem. It is surprising that much of company data misuse is not from hackers breaking in, but from employees either naïvely or purposefully taking important data out of the workplace. Even the laptop that is accidentally left behind at the airport security check station can land in the wrong hands.
In a 2002 essay in the Harvard Business Review, Jeanne Ross and Peter Weill advocated that company managers not leave privacy and security issue decisions solely to the IT department. This is because the issue is really not a technology problem, but a corporate policy issue. Managers need to develop data handling policies and data audits that balance their company’s data access and data security needs. These policies can be implemented through employee training, appropriate use of technology, and, of course, a consistent message from the upper management.
Technology can help the traveling employee access company data without having a local copy, either on the laptop or on a thumb-drive. They are wireless Virtual Private Networks (VPN) with encryption login and data sanitizing methods. Data is sanitized through a computer program that strips out all identifying information (i.e. social security number and customer name), leaving only numbers and weird identifiers that are only known to the employee. Later, at the office, the sanitizing program can automatically put back the identifying information.
The latest technology, however, can only go so far without employee vigilance to keep data confidential. Managers need to foster a culture of active data protection. This can be accomplished through training, auditing, and setting examples. One software technology method, called Data-Leakage-Prevention (DLP), can assist in linking protected data to the employees who need it.
For a manager who is travelling or has employees travelling, statistics indicate that the company should not plan for if a laptop will be lost, but when. Remember that data security includes an internal component and requires active management is the first step. Planning ahead can greatly reduce the expenses of lost data. By implementing traveling data security polices and technology that fit your company, a lost laptop can be reduced to being just a lost laptop.