Worth the risk

Absolute Software’s William H. Pound explains why security is so important when dealing with mobile banking devices.

FST. With so many mobile devices now in use in the workplace, what new security risks must businesses manage?
William H. Pound. As mobile technology becomes more advanced, so does the security threat to businesses. An increasingly common phenomenon is computer drift,  the habit hardware assets can have of dropping off an IT team’s radar, taking with them valuable data and software licences.

Computer drift is symptomatic of a workplace culture that seems to view both data and hardware as disposable, but it really shouldn’t be that way. Too often companies let employees take tired old laptops with them when they leave, other times they forget or don’t invest in the process of recalling those laptops, failing to recognise the value isn’t in the outdated machine but in the intellectual property and the software licences stored on them.

Especially at the moment, with all the talk of lay-offs, computer drift is a risk of doing business, but it needn’t be a cost of doing business. Drift is a risk that can be mitigated. What’s more, companies churning high numbers have all the more reason to keep track of digital assets

FST. What are the risks for financial companies that fail to protect the customer data entrusted to them?
WP. The finance industry, more than any other, is at risk from security threats. The value and sensitivity of the data stored in this sector is very high and data loss can mean customers’ personal details being seen by unauthorised eyes.

When such confidential information gets into the wrong hands, it can cause serious problems for the organisation; not only is the data itself at risk – but the reputation of the entire business. This can be catastrophic, and headlines are not easily forgotten.

FST. What solutions are available to protect mobile devices and the data they contain in the event they are lost or stolen?
WP. The vast majority of stolen laptops are taken by opportunists or as a result of burglary. In such instances, the laptops are stolen for their nominal value and sold on cheaply. In these circumstances, strong encryption will protect data from any prying eyes.

However, if the theft is targeted, the thieves sophisticated enough and the information desirable, then many kinds of basic security can start to look pretty shaky. The key is to have a back-up in place so that, if a device or data does fall into the wrong hands, there are processes in place that can handle the fall-out.

Software that allows you to remotely delete or retrieve data can be a great benefit. This means that any sensitive data can be kept from prying eyes even if the device itself is not recovered.

A GPS system can also be used to help recover the missing machine. Like data recovery – this helps create a complete security system. One that, even if breached in the first instance, can be put back into place.

FST. Encryption has traditionally been the main line of defence in IT security. Is it enough to simply encrypt information or must other measures be used to guarantee security?
WP. Encryption works very well as part of a layered defence. The problem is that few companies bother to implement it or enforce its use. Research conducted by The Ponemon Institute recently found as many as 40 percent of security professionals don’t even implement encryption on their laptops.

This is why the vast majority of stolen laptops still contain information that is not protected. For that reason, businesses need to have a safety net that enables them to remotely delete data from a stolen device. Even if the information is encrypted, 70 percent of data thefts are internal, according to Gartner, that means the person stealing the laptop, or the information it contains, almost certainly holds the encryption keys they need.

Businesses could wait forever for staff to act sensibly and use all the tools available to them or they could be realistic and have a watertight plan for the day when, not if, a device goes missing.

William H. Pound oversees Absolute’s International Operations and has 25 years of experience facilitating international business and developing strategies to move new products into foreign markets. Prior to joining Absolute, he managed a consulting group to help companies with their global expansion strategies. He has also lectured on international business at Ryerson University in Toronto, Canada.