News headlines about portable storage devices going
missing are as common as muck, but the problem could be even more
widespread than you suspect.
The data loss scandal du jour is the disappearance of a hard
drive containing details of 1.7 million people who had enquired
about joining the UK military.
The story ticks all the boxes: the data was unencrypted, it
included sensitive information such as passport numbers, and it
only became clear it went missing some time after the fact.
As ever, it seems that human error rather than technology
failure is to blame. This isn't unusual; people have been
misplacing documents in offices since the dawn of enterprise time,
and it's only the sheer scale of information that can be crammed
into a hard drive or USB key that makes the whole process so
A recent survey by RSA casts an interesting light on the
problem. The company asked 417 attendees at three recent
conferences a series of questions about security policy. When asked
"Have you ever lost a laptop, smartphone and/or USB flash drive
with corporate information on it?", 1 per cent said they had done so
frequently, and 9 per cent said it had happened to them "sometimes".
That indicates there are at least four complete klutzes out
there who are continually misplacing portable storage, and who we
can only hope don't work in data security. But the more disturbing
aspect is the fact that, in effect, 10 per cent of information is likely to
Companies routinely take out insurance to deal with relatively
unlikely risks. I suspect if I told my insurer that my house had a
10 per cent chance of being flooded, they'd either laugh me out the door
or demand that I take some precautions to minimise the damage.
The same logic should apply to portable devices and the
information stored on them. Can you hear the pigs flying