Massive data files are carried on MP3 players, BlackBerrys and wafer-thin chips
Gillian Shaw
Sun
Small memory cards like this Memorex Mega TravelDrive puts a goldmine of data in an employee’s pocket.
The ubiquitous iPod, once thought to be a risk only to one’s hearing, is now regarded as a potential threat to corporate security. It and various MP3 players are now banned in the workplace by 30 per cent of mid- and large-sized businesses across Canada.
Personal laptops and tiny USB memory keys that can carry vast amounts of data are also forbidden by half of all businesses, according to a survey by Ipsos Reid for Sun Microsystems of Canada Inc. being released today.
“You could have millions of customer names and addresses on some of these devices that could be carried out in someone’s pocket,” said Andy Canham, president of Sun Microsystems of Canada. “A lot of people have done good work on locking and barring the front door, but they don’t understand there is a huge back door they are not aware of, or they haven’t figured how to address it correctly.”
The gaping back door is an increasingly mobile workforce, with employees carrying potential data goldmines in their pockets or briefcases on everything from wafer-thin memory cards to BlackBerrys, personal digital assistants, cellphones and notebook computers.
The data can inadvertently go astray when a device is lost or stolen, or it can be deliberately carried out by disillusioned employees or others who gain access to confidential corporate files.
Canham said companies that find that customer information has gone missing face a credibility crisis — one that can severely damage their brand. He pointed out that, according to the Ipsos Reid study, some 28 per cent of customers would be prepared to immediately terminate their relationship with a company if they discovered that it had compromised their personal information.
“Where we see most of the concern from consumers is things as basic as your name, your credit card number, the expiry date, your home address,” he said.
In the hands of identity thieves that kind of information can wreak havoc.
Canham pointed out that three per cent of the respondents in the survey have personally been prey to identity theft in the past year.
“How many times does each of us leave a cellphone in a taxi?” said Canham. “There can be not only cellphone numbers, there can be photographs, there can be videos, and there can also be MP3 players that can store amazing amounts of information.”
An eight-gigabyte compact flash memory, the size of an after-dinner mint wafer, can hold approximately a half-million pages of text, or 800,000 e-mails. iPods can hold up to 60 gigabytes.
With wireless technology and advances in mobile computing improving efficiency and productivity, Canham said there is no reversing the obvious trend, but companies must combine policies, processes and tools with education for employees to safeguard data.
“That’s the dilemma,” he said. “Do you want to stop somebody from bringing their cellphone home? Probably not. We think it is going to be difficult to turn technology back. It will continue to advance, and companies will want to take advantage of it.”
Canham said his company has worked with clients to mitigate the threat of data loss through such measures as thin client computers that have only a screen and keyboard, and no data residing on the machine.
“You can run all kinds of traditional applications, but in a secure environment, and if someone broke into your house and stole it, they wouldn’t have anything but a screen and a keyboard,” he said.
The survey found that while companies are taking measures to mitigate the risk of data loss, only 32 per cent of executives surveyed believe their businesses are performing at optimum levels to prevent and manage potential attacks.
The study also found that:
– Seven out of 10 executives believe there is room for improvement in preventing risk among their mobile workforce.
– 17 per cent say they have a very poor understanding of the risks associated with remote or wireless access.
– 13 per cent believe they are doing a poor job at mitigating risks.
– 11 per cent say they are not applying proper procedures to successfully deal with security breaches.
– 42 per cent said the greatest negative impact a security breach will have on their operations is theft of customer information.
– Nine out of 10 companies surveyed provide company cellphones to some of their employees, and almost as many provide laptop computers to employees to access the workplace from outside.
– Currently, 22 per cent of the Canadian workforce on average has remote access to a corporate Intranet, but that figure is expected to climb to almost 30 per cent within the next year.
– Among companies that did not offer remote access, 72 per cent said security concerns influenced that decision.
Data for the survey was collected from March to May of this year from 259 companies.
© The Vancouver Sun 2006