Mobile workers — known in some circles as road warriors — are increasingly becoming important players in today’s fast-paced world of business. They are the people who are always on the go — the ones who spend at least half of their workweeks away from their regular offices. Because these women and men are out of the office so often, they have to use laptop computers, personal digital assistants (PDAs), and portable memory devices to exchange and transport business-critical data. In many cases, the security of this data hinges on the physical safety of the devices. Simply put, when mobile devices are lost, so is the data.
Today, most laptops and PCs have some sort of antivirus and personal firewall software to prevent data hijacking. But what happens when a computer is stolen or when an overtired road warrior leaves her PDA in a cab? A 2006 global study by market research firm Gartner indicates that while 25 percent of information theft is linked to network intrusion, 60 percent of data breaches can be attributed to lost or stolen mobile devices. With this in mind, it is critical for organizations to bolster defenses by encrypting data across the board.
The case for encryption
Headlines from any newspaper or news Web site around the world put data security vulnerabilities due to physical loss of devices into perspective. In the United States (U.S.), the Transportation Security Administration (TSA) reported that a stolen computer exposed more than 100,000 personal records. In the United Kingdom, a laptop storing personal data on 11,000 children was stolen from a Nottinghamshire hospital. Finally, the 2006 asset audit of the New Zealand Inland Revenue Department (IRD) showed that the IRD has no clue as to the whereabouts of 106 of its computers or their contents. The list goes on and on….
For business executives and government agency heads, the costs of these debacles in squandered money, time, and credibility are almost immeasurable. The first issue is quantifying the cost of recovering the data, legal fees, free credit monitoring for customers, and other mitigation services that can range into millions of dollars, depending on the number of personal records lost. There is also the cost and effort to restore customer trust — a very sizable and difficult figure to estimate. For publicly traded companies, however, one cost can unfortunately be very easy to measure: an enormous sell-off in stock price and a simultaneous, catastrophic loss of market capitalization. Lastly, there are the costs of lost credit card numbers, which usually range from $30 to $100 per card.
A new threat
Moving forward, while problems with laptops continue to proliferate, network and security personnel must also grapple with a newer category of data vulnerability: portable memory devices. These data dangers come in many forms — USB thumb drives, iPods, MP3 players, smartphones, and more. A survey of attendees at the 2007 InfoSec security conference in London indicated that almost 40 percent of middle and senior-level IT managers rank these seemingly innocuous devices as the top security concern and that 80 percent do not have effective security policies regarding them.
A 2006 study by Check Point Software among IT professionals in Belgium, Luxembourg, and the Netherlands painted a similar, alarming picture. There, 76 percent of respondents said that they never use any data security to protect information stored on USB devices. Moreover, virtually all 300 respondents said that they regularly use USB memory sticks.
Copying data to these devices is not the problem; losing them is. Because they are much smaller than laptops or PDAs, they are easier to lose in hotels, taxis, airplanes, restaurants, and other locations frequented by business travelers. In 2006, for example, a former contractor at the Los Alamos National Laboratory, a U.S.-based nuclear weapons research facility, pled guilty to copying confidential documents onto a USB thumb drive and taking it home. As mobile users rely on these tools more frequently, these problems will only increase.
Benefits of encryption
Encrypting data on mobile devices eliminates the dangers associated with loss or theft. The process makes data worthless to unauthorized users. Typically, by processing data through a mathematical formula called an algorithm, encryption software converts data into "ciphertext." Following this conversion, that data requires users to input their unique credentials to gain access to it. Provided those credentials stay private, they make it virtually impossible for others to access the data.
The Check Point approach
By combining strong encryption with access control, Pointsec products from Check Point offer the highest level of data security. Specifically, security products including Pointsec PC, Pointsec Mobile, and Pointsec Protector offer proven defense for mobile devices of every kind. Options with these software packages range from full-disk encryption to port management and encryption for removable media. These solutions also facilitate easy deployment over any size and type of network, operating transparently to end users, making all of them fully enforceable.
Finally, by centralizing encryption policy management through Check Point SmartCenter for Pointsec, network and security managers can establish virtually "set-and-forget" administrative efficiency, resting easier that their organizations’ critical information is safe. So thanks to these encryption solutions, senior leaders can focus on their core missions and less on mobile workers losing track of mobile devices that would cause the next big security breach.