Five data leak nightmares

When Home Depot lost a laptop containing personal information on 10000 employees, it was just the latest in a string of high-profile data-leak incidents.

"E-mail is still the biggest problem, by far," says G. Oliver Young, an analyst with Forrester Research. "It's ubiquitous, huge amounts of information travel over it, and it's easy to forward documents, without even thinking, that contain sensitive information."

Certain industries, such as healthcare and financial, are ahead of the curve when it comes to e-mail security because of regulations like Health Insurance Portability and Accountability Act and Gramm-Leach-Bliley Act. Because of this, they've moved beyond the Band-Aid approach of creating policies and trusting the training employees.

"Even with strong policies, people may not realize they are sending out sensitive data," says John Vander Velde an officer and manager of IT for Lake Michigan Financial Corporation, a holding company for community banks in northern Michigan.

"We put a risk matrix together, Vander Velde says, "and we quickly realized that our biggest risk is e-mail. Even a well-trained employee could inadvertently send out information that could be captured or sniffed."

A July 2007 survey by Forrester's consulting arm, for instance, found that of those surveyed (308 IT professionals at U.S. enterprises with more than 1,000 employees) a third had investigated e-mails that they believed had leaked confidential data in the past year.

Commissioned by Proofpoint, the survey also found that respondents estimated that approximately 20% of outbound e-mails contain "content that poses a legal, financial or regulatory risk." Meanwhile, more than a quarter of the companies surveyed had terminated an employee for violating corporate e-mail policies in the past year, while 45% had disciplined employees for violating policies.

Lake Michigan Financial concluded that it needed technology as a line of defense beyond policy and training. The company eventually turned to a DLP product, in this case from Proofpoint. "Solutions like this should benefit the financial industry as a whole," Vander Velde argues. "Even if they're rolled out on an institution-by-institution basis, the benefits should be far-reaching. Accenture found that the biggest risk to mobile workers isn't poor Wi-Fi security or war driving -- which is what most mobile security plans focus on -- rather it's employees who simply forget their laptops, PDAs and mobile phones in taxis.

Nightmare three: Taxi cab confessions- Losing a laptop, cell phone or USB drive is more common than you think

Lake Michigan Financial's second-leading worry is portable data. Using GFI EndPointSecurity, Lake Michigan Financial prevents users from downloading sensitive data to USB drives or CDs.

"Vista was not up to par to control things at a granular level," Vander Velde says. "We had some departments that used portable storage for backups or so they could work from home." Vander Velde noted that employees did complain at first, because it interrupted their workflows. By offering alternative, secure storage and remote-access options, Lake Michigan Financial made most of them happy.

According to Baroudi at Aberdeen, most organizations are just getting around to the risks associated with lost laptops and haven't even begun thinking about removable storage. The risks, though, tend to be different.

"The difference between a laptop and a USB drive is that with a USB you're intentionally moving data," she says. Thus, the risks tend to be with insider attacks and IP theft. The hope is that training and policies will at least give workers pause before they download sensitive data. "With a laptop, you may not intend to move data to a less secure place," she says.

In fact, according to Accenture's mobility practice, that less secure place is often a taxi. Accenture found that the biggest risk to mobile workers isn't poor Wi-Fi security or war driving - which is what most mobile security plans focus on - rather it's employees who simply forget their laptops, PDAs and mobile phones in taxis.

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeff Vance

Network World
Show Comments

Cool Tech

Crucial Ballistix Elite 32GB Kit (4 x 8GB) DDR4-3000 UDIMM

Learn more >

Gadgets & Things

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Family Friendly

Lexar® JumpDrive® S57 USB 3.0 flash drive 

Learn more >

Stocking Stuffer

Plox Star Wars Death Star Levitating Bluetooth Speaker

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest News Articles


GGG Evaluation Team

Kathy Cassidy


First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni


For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell


The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi


The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott


My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?