Here’s how to prevent a lost laptop from hurting your reputation and your bottom line

Laptops are ubiquitous in today’s IT environments. How many of your employees are using laptops in the office, on the road, working from home, or all of the above? While massively convenient, and a boon to worker productivity, laptops also represent a major liability. They are easy for employees to lose – and easy for a thief to steal.

On balance, most companies likely think the reward is worth the risk. But the risks are significant when you consider all of the valuable data stored on employee laptops, and the potential for data loss and subsequent fines, lawsuits, lost intellectual property and brand damage.

Take the recent example of SterlingBackcheck, a Texas company that provides background screening services to clients around the world.

In early August 2015, SterlingBackcheck sent out a letter informing people the company was screening that a few months prior a “password-protected laptop was stolen from a SterlingBackcheck employee’s vehicle.”

The laptop contained unencrypted data including names, Social Security numbers and birthdates for roughly 100,000 people. This kind of data is a potential gold mine for an identity thief. Which is why SterlingBackcheck has offered “free” credit monitoring and ID theft protection to those affected (those services are not actually free – SterlingBackcheck has to pay for them!).

The risk of this happening to your business is unfortunately quite high. Although you certainly have to protect yourself against the threat of criminal hackers, a large proportion of data loss is the result of a lost or stolen laptop, USB drive or mobile device. In the healthcare industry, 70% of data lost by organizations in California was the result of loss or theft of a physical device such as a hard drive or laptop, according to a 2014 report from the California Department of Justice.

The most staggering thing about these reports is that you almost never hear that the data on lost or stolen devices was encrypted. According to the 2015 Verizon Data Breach Investigation Report, an analysis of data breaches found that the words “unencrypted,” “not encrypted,” and “without encryption” were present in four times as many incident reports as phrases such as “was encrypted” and the like.

That’s unfortunate, because disk and device encryption is absolutely the best defense against this type of data loss. When data is encrypted, it is scrambled in unreadable format called cipher text, and only the person with the encryption key can unscramble it again.

What if the data on a lost laptop has been encrypted? There’s no way a crook could read your encrypted data, and the laptop would be worth only as much as the thief could get for its parts.

So, why aren’t more businesses encrypting their laptops and other devices? It’s a bit of a mystery, but perhaps it’s because businesses think they have adequate security in place already, or that encryption is too difficult or expensive to implement.

These are myths.

If you want to be absolutely sure your data is protected, encryption should be your first line of defense.

And if you still think encryption is too much of a hassle please check out the resources at sophos.com/encrypt, including free whitepapers, reports and videos, showing you just how simple it can be.