A new survey from LapSafe Products has revealed that 45% of education establishments have had mobile devices – such as laptops, netbooks, MP3 players, tablets and gaming devices – stolen between 2009 and 2011.
This is the result of a survey of 100 UK schools, colleges and universities undertaken at the BETT Show 2012 in January. Most of the stolen devices were laptops and netbooks.
While the majority of institutions (83%) have an information security policy in place, more than half (53%) do not use encryption. This lack of security is surprising given the possibility of sensitive student information being lost, and the potential for a fine of up to £500,000 from the ICO.
“It is vital,” commented Denise Crouch, a director at LapSafe Products, “that educators have sufficient plans in place to reduce the risk of mobile ICT theft. This should include measures for physically securing laptops, netbooks and tablets, and should be supported by regular IT security training to help avoid the negative consequences of having devices stolen.”
Part of school policy should perhaps be required study of a recent PhD thesis written by Trajce Dimkov at the University of Twente in The Netherlands and published last month: 'Alignment of Organizational Security Policies – Theory and Practice'. In this paper, Dimkov describes a task given to students: to steal 30 computers given to randomly selected members of staff. The members of staff were given strict instructions to keep the computers safe. However, out of sixty student attempts to steal them, 30 were successful, showing that security policies are irrelevant if ignored by the people concerned.
According to InfoWatch statistics, the number of cases of theft or loss of mobile devices with sensitive information over the past two years on the contrary decreased slightly from 13% in 2009 to 10% in 2011.
Nikolay Fedotov, Head InfoWatch Analyst: “In fact, a figure of 47% is really quite good, especially in the education sector. In some countries, 47% of encrypted devices is an unattainable bar, even for government organizations.
Fast increase of the percentage is possible only through enforced measures. It might involve prohibiting organizations to purchase laptops without hardware or software encryption disks, or imposing an added tax on computers without built-in encryption. This measure will surely be effective; the challenge will be to coordinate it with law enforcement”.