Calls for corporate policies on laptop security to be enforced
With 2009 set to be the year of the mobile worker, Kensington, the mobile computing accessories provider, is calling for organisations to set out and implement corporate security policies that cover the physical security of laptops used by employees. Those who do not will find themselves exposed to undue risk of data loss, which could lead to fines or prosecution.
As businesses seek to save costs in the workplace this year, more staff will be equipped with laptops and encouraged to work flexibly. Although IT departments are working hard to protect data with passwords and encryption software, these efforts are not being matched with policies to help staff look after the laptop itself, says Kensington.
“The responsibility for physical security policies – which include guidelines on the safe transportation of laptops, the use of locks and advice for laptop use both at home and on the move – falls between the IT and HR departments in most organisations,” explained George Foot, Vice President Kensington Europe. “And the emphasis here is on ‘falling’ – with no one taking this on, organisations have ended up with no policy for physical security, and are placing themselves at increased risk should an employee’s laptop fall into the wrong hands.”
His comments follow the UK Government’s announcement in November 2008 that the Information Commissioner is to be given new powers to prosecute those responsible for the ‘deliberate or reckless loss’ of confidential personal data. Similar plans may be considered by the European Data Protection Supervisor.
“I would not be surprised if we see cases of employers being taken to court when work laptops are lost or stolen in 2009, as the Information Commissioner’s new powers come into effect. To avoid the risk of hefty fines, HR and IT need to work together now to implement and enforce physical security policies,” said Foot. “Reducing the risk of opportunistic theft is a simple step to take. Using a lock becomes second nature, just like switching off the lights to reduce electricity use.”
Kensington recommends that organisations begin to construct a security policy around laptop use by considering the following:
- BEHAVIOUR: How will employees using laptops be briefed about keeping their device safe? Are they aware that laptops are at risk from theft even when in the home or car, as well as when working from an airport lounge or customer’s site?
- EQUIPMENT: What equipment will they be given to increase the physical security of the device? Organisations should consider giving staff a laptop lock to use at home, or a bag that disguises the fact that it contains a laptop for frequent travellers
- RESPONSIBILITY: Ultimately, Data Protection Act states that the organisation is responsible for protecting customer and employee data. Do staff know the implications of this when working remotely, and have they been advised on the appropriate steps to take?
For more information, please visit www.kensington.com.