Half of business managers have disengaged their computer's encryption capability.
Research by Absolute and Ponemon Institute has shown that many UK employees undermine traditional data breach prevention strategies. In its study ‘The Human Factor in Laptop Encryption: UK Study', Absolute has revealed that employee behaviour undermines traditional data security strategies among UK companies.
As business managers fail to take necessary precautions to secure their laptops, they instead are overly dependent on their encryption solutions to protect the sensitive data on their laptops.
Of the 50 per cent of business managers who have disengaged their laptop's encryption, 33 per cent admitted this is in violation of their company's security policy. Meanwhile 65 per cent of business managers either keep a written record of their encryption password, or share it with others in case they forget it.
Dr. Larry Ponemon, chairman and founder of The Ponemon Institute, said: “The data suggests that, because of user behaviour, encryption alone is not enough to protect mobile devices and the sensitive data stored on them. These statistics are especially disconcerting when combined with our recent studies demonstrating that lost or stolen laptops are the number one cause of data loss, with three out of four companies experiencing a data breach when a laptop has been lost or stolen.”
John Livingston, chairman and CEO of Absolute Software, said: “If I were tasked with data security, I would read this study in detail and immediately assess my company's data protection strategy, especially if I was reliant solely on encryption.”
Stephen Midgley, senior director at Absolute Software, said: “IT departments roll out security applications and communications, but there is poor communication to the employees on how to use it. Most companies have a rule and data backup policies but don't actually back their data up.
“Businesses don't make it clear that security is a concern for them, and IT is very security focused but divided between organisations. IT is not conveying the perils to the workforce, but there is a reliance on the end user to follow suit. IT is doing their part and implementing encryption, but the businesses side is not following protocol.”