Financial services firm Merrill Lynch reported the theft of a laptop computer from its New Jersey corporate office - a computer containing sensitive personal and financial information, including Social Security numbers, for 33,000 of its employees. According to a new study by the Ponemon Institute, 73 percent of corporations experienced the loss or theft of a data-bearing asset in the last 24 months, yet those same organizations report limited efforts to manage this vulnerability.
The new Ponemon report, National Survey: The Insecurity of Off- Network Security, will be discussed in detail by study author Dr. Larry Ponemon, founder and chairman, Ponemon Institute, and study sponsor, Robert Houghton, president, Redemtech, during the Privacy Symposium at Harvard University. Such breaches of confidential information have become routine news for one simple reason: though sparing no expense to guard the security of their networks, corporations often fail to protect data on devices that are disconnected from the network.
Among the National Survey: The Insecurity of Off-Network Security's significant results: - 62 percent of study respondents confirm or are unsure if their off- network equipment contains unprotected sensitive or confidential information;
- Yet 39 percent do not view the management of off-network data bearing equipment a critical component to security;
- 70 percent of data breaches result from the loss of off-network equipment; and,
- 30 percent say they would never detect the loss or theft of confidential data from off-network equipment.
"Protecting data that is stored on devices outside the confines and control of the corporate network is a problem for which many companies simply do not have a solution," Ponemon said. "Our research shows that, while most companies recognize the risk off-network data poses, few seem to have a grasp on how to manage the many challenges off-network data present to maintaining a strong data security program, and many do not even have a policy to address the situation."
"The cost of a security breach is astronomical, whether it occurs over the network or results from lost or stolen off-network assets," Houghton said. "The results of this study should alarm CEOs who have customer or employee information, and a brand to protect. After years of effort to establish secure computing, many companies are neglecting this very basic risk."
The Ponemon Institute is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries. Redemtech Technology Change Management (TCM) services help organizations increase IT asset utilization and security and assure regulatory compliance during technology transitions. Redemtech clients can realize a 40 percent to 70 percent reduction in asset recovery and disposition costs, while achieving 100 percent warranted data security and environmental compliance assurance.
