November 07, 2014
How secure is your laptop computer?
Here’s a non-compliance ruling story to ponder: In 2011, a laptop containing the confidential information of 870 individuals was stolen from an urgent care facility owned by Concentra Health Services. After a compliance review showed HIPAA violations (the worst being there was no laptop encryption), the company was fined $1.72 million.
It was a shocking reminder that Health Insurance Portability and Accountability Act enforcement has been stepped-up but it also highlighted the hidden costs of workplace laptops and the importance of protecting private information.
Of course, at a relatively low price, laptop computers (and other portable devices) help speed up and facilitate communication, and allow employees to work from anywhere.
In a recent survey of 300 corporate executives by The Economist Intelligence Unit, 74% of respondents said laptops were very important to the performance of their job; 2/3 said they were very important to the performance of their employees’ jobs.
But when laptops are stolen or lost and confidential data exposed, the costs go through the roof.
The Billion Dollar Lost Laptop Problem was a benchmark study of U.S. organizations in 2010. Over a 12-month period, 329 organizations reported that more than 86,000 laptops were lost or stolen. Based on earlier research that pegged the cost of a lost laptop at $49,256, Ponemon tallied the total cost to the companies in the study to be $2.1 billion or an average of $6.4 million per organization.
It makes sense to understand your industry’s privacy laws and to do everything you can to improve laptop security. Here’s how:
Physical Protection: Keep a careful watch over laptops, advises Securitymagazine.com. Don’t leave devices unattended, and never leave one in a vehicle where it can be seen by passersby. Ponemon research shows that one in 10 corporate computer laptops will be lost or stolen.
Training: Provide security awareness training especially for employees who take their laptops out of the workplace. The Lost Laptop Problem study showed that 43% of laptops were lost off-site (home office or hotel room), 33% in transit or travel, and 12% were lost in the workplace.
Data Protection: “Encryption is your best defense against these incidents,” said one industry expert about the Concentra ruling. Laptop theft protection and other data protection solutions are also recommended.
Report It: Implement security procedures that require employees to immediately report a missing or stolen laptop and start the process of notification. Of the 263 laptops each organization lost in the Lost Laptop Problem study, an average of just 12 were recovered.
Commitment: A 2010 InfoWorld article said that Intel lets its employees put personally identifiable information on their computers. “People are less cavalier about the security of their laptops when they have their own data on them”.
Proper E-Waste Disposal: The issue of monitoring the proper disposal of equipment is sometimes difficult to oversee, said a security industry expert in regards to a 2014 Coca-Cola laptop breach that exposed confidential information of 74,000 employees. The laptops were stolen by an employee who had been assigned to properly dispose of the equipment. Best to partner with a reliable document shredding company for e-media and hard drive destruction and secure chain of custody procedures for proper disposal. E-media and hard drives must be physically destroyed. Research has shown that disk wipe software is not a guarantee that information cannot be recovered.
Learn more about laptop security and how to protect the e-media in your business.