UK organisations are still failing to safeguard portable data
devices such as laptops and USB memory sticks, despite
high-profile data losses.
In the
latest incident, Lothian and Borders Police revealed this week
that an unencrypted USB stick containing vehicle registrations and
other information has gone missing.
The USB stick, last seen by staff in the road policing division
at Lothian and Borders police's headquarters, was lost between
December 2008 and January this year.
The loss does not compromise any individuals involved in police
investigations, said a police spokesman.
Daniel Östner CEO at security firm BlockMaster, said data stored
on any insecure standard USB stick means that data is at risk to
unauthorised access.
USB drives cannot ensure confidentiality and as the physical
size of these devices decreases, they are becoming easier to
misplace, he said.
An estimated 9,000 USB sticks are lost at UK dry cleaners alone
according to a survey by security firm
Credant Technologies.
BlockMaster puts the global figure of lost USB sticks at around
20 million.
Security is also still low on business laptops with 90% of those
sent for data retrieval not having any form of encryption,
according to IT services firm
Kroll Ontrack.
This shows Lothian and Borders Police is not alone in failing to
recognise the value of encryption, said Robert Winter, chief
engineer of data recovery at Kroll Ontrack.
"Given the volume of data lost on removable media, it is clear
the lessons about the vulnerability of USB sticks and laptops have
not been learned," he said.