Losing the laptop blame game
The downside of mobile devices is that sometimes they go mobile in ways the owner does not expect. Just ask MI6, the FBI or most recently building society Nationwide. Unfortunately for the financial services company, whilst its public-service counterparts in computer catastrophe received little more than a ticking off for losing hundreds of machines, Nationwide has just been hit with a £1m fine following a theft. Putting consumers' identities and nest-eggs at risk is deemed more serious than national secrets — at least in the eyes of the authorities.
Arguments about the proportionality of retribution aside — the Financial Services Authority made no bones about admitting that Nationwide was being made an example of — the real issue at stake is one of practicality. Loss of a valuable laptop, and the potentially valuable data held on it, usually results in a blame game. How can anyone be so stupid as to lose a laptop during a drinking binge at a tapas bar, for example? While not everyone has the temptation of an MI6 expense account, all of us are capable of similar lapses. The problem is not with the owner but with the system that does not allow for such incidents. Disaster planning is exactly that — anticipating the unexpected. Nationwide was at fault not because it allowed a machine to be stolen from the house of one of its employees, but because it was not prepared for such an eventuality.
Encryption is one obvious way to protect data, though protected data is of little use if it goes missing and has not been backed up. And no protection will be effective if it is inconvenient — given enough freedom, the user will always find their own way around inconvenient security. And of course the idea that sensitive information should not be on laptops is thick-headed thinking. If mobile workers cannot interact with all the data they need, when they need it, then their usefulness to the business suddenly becomes extremely limited.
The correct approach, rather than purely focusing on how to prevent laptops and other mobile devices from being stolen, is to put processes and technologies in place to make sure that it does not matter. Data on mobile devices has to be protected from the fallibility of the user as much as from the malice of the thief, and that means having the facilities to manage that data. Remote data locking and deletion, as is found now on some BlackBerry and Windows Mobile devices, is the type of protection that is required, in addition to good old encryption. As mobile data becomes increasingly ubiquitous, such solutions will become more commonplace.
Meanwhile, companies such as Nationwide should not be admonished for losing laptops, but rather for ignoring the reality that we live in a world where laptops are lost every day.