Misconceptions About Laptop Encryption May Put Data At Risk

Overconfidence in encryption's capabilities may cause workers to ignore best practices, Ponemon study says

Tim Wilson, Editor in Chief, Dark Reading, Contributor

January 15, 2009

2 Min Read
Dark Reading logo in a gray background | Dark Reading

Now that they have encryption capabilities on their laptops, many end users may be overconfident about the safety of the data that resides on them, according to a study published this week.

The laptop encryption study, conducted by Ponemon Institute and sponsored by security vendor Absolute Software, found that many workers think the data on their encrypted PCs is safe, but that their behavior on the road may continue to put that data at risk.

The survey of more than 1,500 individuals -- including approximately 700 IT security professionals and more than 800 non-IT workers -- indicates that users with laptop encryption are now in the majority, about 58 percent of the study sample. However, Ponemon says that non-IT workers may have developed misconceptions about the power of those encryption capabilities to protect their data.

For example, 61 percent of non-IT workers believe that encryption "prevents the theft of my information by cybercriminals," the study says. Sixty-six percent say they no longer worry about losing their laptops because the data is encrypted. Sixty percent agree that encryption "makes it unnecessary to use other security measures."

These misconceptions may cause employees to disregard other important security practices, Ponemon suggests. For example, 30 percent of non-IT workers say they frequently leave their laptops with strangers while traveling, while 28 percent say they frequently leave their computers alone in insecure locations. Sixty-nine percent say they never physically lock their computers to their desks, and 73 percent say they never use a privacy shield to protect their computer screens from prying eyes.

In addition, Ponemon says, many users are lax in their use of encryption technology. In the survey, some 56 percent of non-IT workers admitted to turning off the encryption capabilities on their laptops for some period of time. Twenty-eight percent admit to sharing their encryption passwords with others, and 36 percent say they remember their passwords with a paper document, such as a post-it note. Sixty-eight percent say they rarely, if ever, use complex passwords.

"We believe that the primary conclusion that can be drawn from this study is that business managers are either negligent in the protection of sensitive and confidential information on their laptops, or they may be overly dependent on encryption to keep this information secure," the study says.

"Encryption is an excellent security tool," the study observes. "However, if encryption is turned off, if passwords are shared, or if other risks are taken, organizations that utilize encryption technologies alone to ensure the security of confidential information may not be well-protected from the possibility of a data breach."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message

About the Author

Tim Wilson, Editor in Chief, Dark Reading

Contributor

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one of the top cyber security journalists in the US in voting among his peers, conducted by the SANS Institute. In 2011 he was named one of the 50 Most Powerful Voices in Security by SYS-CON Media.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights