Almost Half of UK Corporate Laptops Still Not Protected Against Theft or Data Loss, Reveals Check Point Survey
November 2011 by Check Point
Check Point announced the findings of a new survey revealing that nearly half of UK public and private sector organisations are still risking data breaches, losses and leaks from their portable PCs and devices. While 52% of respondents said they used data encryption to secure their business laptops, 43% said they did not have encryption deployed and a further 5% admitted they didn’t know if encryption was used.
While the survey shows that more UK organisations are taking action to protect their laptops and removable media – a similar UK survey by Check Point in October 2010 found that just 40% of organisations had encryption deployed on their laptops – a significant proportion of businesses are still vulnerable to breaches from loss or theft of portable PCs.
In addition, the survey of 320 UK IT managers and senior IT staff revealed that only half of organisations used data encryption to protect removable media, such as USB memory sticks, removable drives and DVDs. 44% said they had no solutions deployed to protect these devices, and 6% of respondents said they did not know if encryption was used.
A growing issue for organisations is consumerization of technology – employees using personal laptops or smartphones for work purposes. 61% of organisations surveyed said that employees use personal devices for work (up from 55% in Check Point’s October 2010 survey), yet 42% of the respondents said they had no formal process for deploying security to these devices, leaving corporate network at risk. Only 17% of the organisations said they insisted on deploying security on personal devices used for work purposes, and 42% restrict access to the organisation’s network or data resources to authorised corporate devices only.
When asked if their organisation had experienced a data loss incident in the past 12 months, whether accidental or malicious, 73% said they had not experienced an incident. 13% reported a breach due to a lost or stolen laptop; 8% reported a breach from an email being accidentally sent to the wrong recipients; and 7% reported a lost or stolen USB stick or removable storage device.
Terry Greer-King, Check Point’s UK managing director said: “It’s encouraging that more UK firms are protecting their laptops and data, but the rate of growth is slow, and nearly half of organisations still do not secure their data on portable computers and devices. At the same time, new threats such as consumerization are emerging, and many organisations haven’t established measures to secure the use of personal laptops and smartphones in the workplace.
“These threats need to be addressed by a combination of education and technology so that organisations can protect their data, their business and their employees against the risks of security breaches.”
Despite email breaches being the second most common vector for breaches, and the UK Information Commissioner’s Office levying its first fine for email data breaches on a Council earlier in 2011, only 32% of respondents said they had any kind of data leak prevention solution to protect email traffic and sensitive files from reaching unauthorised individuals. 15% of those surveyed reported they were considering solutions, and 38% said they had no plans to deploy a solution.
The Check Point email survey, conducted together with eMedia, gauged the opinions of 320 senior IT staff, IT managers and IT directors across a wide range of UK companies from the public and private sectors.