Nearly three-quarters of corporate security and IT professionals in the U.S. have found “inappropriate” pictures, videos or browser cache links on employee laptops, a survey released Wednesday shows.
Two-thirds of the 3,100 IT pros anonymously surveyed by the Ponemon Institute had found “evidence of inappropriate interactions with other employees” of an adult nature on company-issued laptops. A slightly smaller percentage, 63 per cent, found resumes and other evidence of job searches.
Read related stories:
Larry Ponemon, chairman of the research group behind the study, said the findings pointed to risky behavior by employees that heightened the potential for data security breaches.
These risks were expected to rise, according to the Web-based survey, which queried IT and security pros from six countries, including the U.S., U.K., Germany, France, Mexico and Brazil.
Those surveyed said that between 23 per cent and 33 per cent of employees’ main devices were currently laptops. In five years, they said, that figure is expected to nearly double, to 55 per cent of users in Mexico and as many as 65 per cent of users in Germany. Use of laptops in the U.S. is expected to reach 64 per cent.
The survey found some interesting, significant cultural differences in how laptops were lost, stolen or otherwise put at risk.
In most countries, losing a laptop in a hotel was the greatest risk. But in Brazil and Mexico, the risk of losing a laptop in a rental car or the airport — usually the second and third most common locations for loss in the U.S., France, Germany and the U.K. — was practically nonexistent. About half of the IT pros in Brazil and Mexico reported laptops were commonly stolen from users’ homes.
Among U.S. and European workers, laptops were more often damaged during travel. In Brazil and Mexico, more than a third of the IT pros said laptops were damaged mostly due to “employee inflicted damage because of anger or frustration” or from “dropping the laptop accidentally.”
The information that posed the greatest potential risk if a laptop was lost or stolen varied by country, the survey found. In Germany and France, it was employee records. In the U.S., it was customer information such as contact lists. In Brazil and Mexico, it was confidential financial information.
Despite the anonymous nature of the Web survey, Ponemon said the results probably understated the true scope of the problems, as respondents with serious breaches or losses were probably too embarrassed to respond.
The survey was sponsored by Dell Inc., which announced Thursday that it would offer solid-state drives (SSD) with full-disk encryption on its Latitude E line of business laptops.
Craig Durr, senior product planner for security and software at Dell, said the drives, from Samsung Electronics Co., would come in 64GB, 128GB and 256GB sizes, and be available in June. Prices for the new option were are not yet available.
The new SSD drives will comply with the Opal standard for full-disk encryption that was agreed upon in January.
Dell began offering conventional Seagate hard disk drives with full disk encryption on its laptops last spring, Durr said.
In addition to the disk encryption, Dell offers software and services for IT administrators to secure and encrypt the data.
Ponemon said full-disk encryption would “make a big difference” because companies are not doing “such a great” job otherwise to reduce the security risks of laptops.