Forensic Update

Reflections on information management within the legal and regulatory arena

Our Porous Periphery…news from the data leakage front

Posted by Johnny Lee on March 5, 2012

A recent study from Harris Interactive indicates that, despite what appear to be known risks, organizations continue to permit high-risk data practices.  The study, commissioned by Imation, surveyed several hundred IT decision-makers throughout the United States and Canada.

According to the study, 91% of organizations allow removable storage devices (e.g., USB drives, external hard drives, smart phones, etc.) on their networks.  Additionally, 81% of organizations report having some policy that mandates the encryption of organizational data when employees are using removable storage devices — though over 65% of organizations report having little or no enforcement of these best practices.  Put differently, despite the well documented risks of highly portable and unencrypted data leaving the building, only 25% of U.S. organizations enforce encryption on removable media.

As if these statistics weren’t staggering in their own rite, 20% of businesses report having no defined action plan to address the specter of data breach.  Worse, these same 20% state that they do not intend to draft such an action plan in the foreseeable future.

For years, the higher risk of data compromise from internal players has been axiomatic.1  While these risks do not always arise from sinister acts, there are virtually no distinctions (either within the press or with regulators and potential plaintiffs) between data breaches that occur for profit versus through negligence.  Like me, the study’s sponsors are surprised by the somewhat cavalier attitude of organizations that are not locking down data as well as perhaps they ought.

1 Q.v., Study from Ponemon Institute & Checkpoint Software (February 2011), entitled “Understanding Security Complexity in 21st Century IT Environments,” which indicates that 75% of organizations report data losses from malicious or negligent insiders.

Advertisements

Sorry, the comment form is closed at this time.

 
%d bloggers like this: