Is it still necessary to have to make a case to implement encryption on laptop computers or should we, by now, simply consider it to be normal practice? Seems like a question with a pretty obvious answer but clearly not because organisations such as the Ministry of Justice – as reported here in Computer Weekly – are still losing laptops containing unencrypted sensitive data. In this instance it is the names, dates of birth, addresses and offence details of 14,000 fine defaulters.
Is it the case that encryption shouldn’t so much be mandatory as standard? It would be good to think that if my company issued a laptop that didn’t come with encryption software installed, switched on and with appropriate training provided then the recipient would come to me and complain. Of course they don’t. Instead they will pull a face suggesting that poison is being injected into their veins.
If you don’t have sensitive data on laptops then you don’t need to use encryption. Right? Research performed within my own organisation demonstrates that you cannot always predict which users will have sensitive data. To muddy the waters further there are differing perceptions on what sensitive data is.
There’s little joy to be had in spending company profits on laptop encryption, but I don’t think it’s up for debate anymore.