Encryption is not a panacea for all of your data ills, as I've already noted time and again. But, sometimes it can fail even for those "ills" it was designed for. Foremost amongst those instances is when people don't follow instructions, such as not keeping their usernames and passwords in the vicinity of the computer with the data you're trying to protect. Chances are that, by not following such rules, data encryption software won't be able to protect anything.
How often do employees disregard instructions? Well, I don't know of any studies dedicated to such a subject, but I noticed today a startling set of stats in a BBC article. According to this article, about 1/3 of UK employees throw away sensitive documents, just as they would for a regular document, instead of shredding them. You know what's funny, though? "The study also found almost three-quarters of workers felt their [organizations] could do more to protect their customers' sensitive information." Cognitive dissonance, much? This implies that there is a portion of UK citizens who think that they could do more to protect customers while tossing their data into the wastebasket un-shredded: eight percent of all employees, in fact, assuming that 100 % of the 1/4 that "doesn't feel like a company can do more to protect customers' data" is also engaged in not shredding sensitive documents.
How often do employees disregard instructions? Well, I don't know of any studies dedicated to such a subject, but I noticed today a startling set of stats in a BBC article.
According to this article, about 1/3 of UK employees throw away sensitive documents, just as they would for a regular document, instead of shredding them.
You know what's funny, though? "The study also found almost three-quarters of workers felt their [organizations] could do more to protect their customers' sensitive information."
Cognitive dissonance, much? This implies that there is a portion of UK citizens who think that they could do more to protect customers while tossing their data into the wastebasket un-shredded: eight percent of all employees, in fact, assuming that 100 % of the 1/4 that "doesn't feel like a company can do more to protect customers' data" is also engaged in not shredding sensitive documents.
I often find that employees that say diametrically opposite things can hardly be trusted to conscientiously follow office policies involving the encryption of sensitive data via file encryption. Which may be why the use of persistent encryption technologies, like full disk encryption are popular: once a computer's hard disk is encrypted, it remains encrypted. Furthermore, anything saved to an encrypted drive is also protected. Until pennywise, pound foolish employees turn it off, that is. Which is why companies tend to turn towards centrally managed encryption like AlertBoot for their encryption needs. With centrally managed encryption software, an IT administrator is in charge of encrypting or decrypting computers, ensuring that endusers (the actual computer users) are not engaged in throwing a monkey wrench into a company's data security works.
I often find that employees that say diametrically opposite things can hardly be trusted to conscientiously follow office policies involving the encryption of sensitive data via file encryption. Which may be why the use of persistent encryption technologies, like full disk encryption are popular: once a computer's hard disk is encrypted, it remains encrypted. Furthermore, anything saved to an encrypted drive is also protected.
Until pennywise, pound foolish employees turn it off, that is. Which is why companies tend to turn towards centrally managed encryption like AlertBoot for their encryption needs.
With centrally managed encryption software, an IT administrator is in charge of encrypting or decrypting computers, ensuring that endusers (the actual computer users) are not engaged in throwing a monkey wrench into a company's data security works.
Related Articles and Sites:http://news.bbc.co.uk/2/hi/business/8301484.stm