The move towards a truly mobile workforce is accelerating at a blindingly fast pace. IDC estimates that there are already over 1 billion mobile workers worldwide. Laptops, netbooks, and USB flash drives allow workers to access, remove and store large amounts of data and take it outside the relatively safe confines of your corporate offices. There’s no doubt about the productivity gains and benefits of a mobile workforce.
But, the surprising cost of what can happen to your business data as it leaves the office every may dramatically outweigh the benefits of mobility. Today, the impact of intellectual property theft and fines levied by UK regulators can make one lost laptop or flash drive a disaster waiting to happen.
The Ponemon Institute found the average cost of a data breach in the UK reached £1.68 million in 2009. How many managers thought it couldn’t happen to their organisation? If business and IT leaders don’t address data protection before it’s too late, a mobile workforce can be a one way ticket to a costly and unsightly end.
The unseen cost of a mobile workforce
Already in the UK, over 500 organisations have reported to the Information Commissioners Office a lost laptop, flash drive, or other portal device since the beginning of 2007. Of course, this is just the tip of the iceberg. Most incidents went unreported but can still come back to haunt businesses. Between April 2008 and March this year BBC staff reported that 146 laptops had been lost or stolen. UK MoD reported losing 215 USB flash drives over the last two years. In both cases, how many lost or stolen devices went unreported? How many in your organisations?
Unlike before, the ICO now has the power to levy £500,000 fines for each breach. Given past history, it’s not a matter of will a mobile worker will be responsible for the next breach, but when. What would your business do if faced with a multi-million pound bill following a data breach? Even if data is not sensitive and regulated, what would the impact of your competitors have accessing to your current sales forecast, customer lists, or upcoming financial statements?
Making all of this a non-issue
The issue of employees’ losing data or being victims of theft will likely never change. Humans make mistakes and can be the victim of crime almost anywhere. However, doing nothing before this occurs won’t be excusable in the eyes of management or the board.
Today, technology exists to protect your business data on portable devices such as flash drives. Encryption is readily available that makes data accessible and usable for only authorised employees. The ICO recognises that even if encrypted data is lost or stolen it is not vulnerable to compromise. The ICO have been very clear in advising businesses to encrypt all data which mobile workers access, remove and store on their mobile computing devices.
A window of opportunity
However, I would suggest businesses, to be ready to respond to the inquiries of regulators, go beyond just simple encryption and implement an auditable data protection record. This way questions regulators may ask can be easily answered.
The ideal solution is a managed service which would allow the IT department to manage the encrypted devices so they can track and ultimately destroy any data which is lost or stolen. This doesn’t give carte blanche for mobile workers to treat devices without a care, but most importantly it gives your business the assurance that data cannot be misused if lost. And critically important in today’s regulatory environment, your business is safeguarded from fines and resulting consequences following a data breach.
So whether you’re reading this in the server room or the board room, it’s time to re-evaluate your mobile workforce program. If data security isn’t at the top of your priorities, there’s still time to make a change before it’s too late.