Leaving a work-issued device in an unsecured place
Several high-profile laptop theft cases have many organizations now looking at data loss prevention as a security priority. For example, in 2006, a laptop was stolen from the home of a Veterans Affairs employee. The employee had taken it to a private residence despite agency regulations which forbid this kind of activity. The theft resulted in the possible identity theft of 2.2 million active-duty military personnel. Last year, FEMA was in the news because of a lost laptop that contained the names, social security numbers, dates of birth, and phone numbers of flood victims that applied for federal assistance.
"I like using a laptop and I think they make sense for businesses to issue them to road warriors," said DeFrangesco.
His advice? "Encrypt. I know that I sound like a broken record, but it works and it's cost effective. A lot of encryption software is free today. Even though it is free, there still is a cost to deploy and support it. If you can't afford that cost, then don't issue laptops."
DeFrangesco also recommends tracking devices that can recover lost laptops and issuing cable locks.
Hall believes this is an area where the end user needs to be held most accountable.
"Leaving a laptop in an unlocked car is a user problem, not an IT issue."