One of the costliest forms of data theft isn’t what you think. We all know by now to cover the PIN pad when we input our PINs on gas pumps and other credit card machines because of the threat of card skimmers. For the most part Chip and PIN technology has taken care of that threat. Many of us have also been cautioned about the threat of “juice-jacking” in which cybercriminals can gain access to our valuable information through the use of cell phone chargers. But the biggest threat the physical security of our data faces is the loss and theft of laptops and mobile devices, and businesses pay a hefty price for this pervasive yet unrecognized form of physical data theft.
Basic security measures often lull us into a false sense of security. Passwords will protect a laptop or a smartphone to a certain point, but unless there is high-tech encryption of the data contained on these devices a simple password alone is not enough. Likewise, being in the secure environment of an airport or locking our car doors makes us feel more secure than we really are. In reality, a determined thief is not deterred by any of these steps.
On average, 25% of laptops are stolen from a car or an office, and 14% are lost or stolen in airports or on airplanes. Only a quarter of these lost and stolen devices are ever recovered. Most laptops and smartphones contain easily accessible data that can be used to gain access to more sensitive data. Things like passwords and account numbers are easy to retrieve, and if you stay signed in to your email account a seasoned hacker can gain access to every account you have associated with that email address.
In 2006 a major data loss occurred when a Department of Veterans Affairs employee’s house was broken into and a laptop and hard drive were stolen. Those devices contained unencrypted private data from millions of former and current soldiers and their families. Information lost included 26.5 million names, social security numbers, and dates of birth, a full set of information from which thieves can easily steal an identity. It also included the disability rating of 2.6 million former soldiers, including the very personal and private information about their medical conditions.
Because of these vulnerabilities, the actual cost of replacing a lost or stolen device is eight times on average the cost of the device itself. The administrative time it takes to reset and secure any points of vulnerability adds up quickly, and the cost can be exponentially more for legally protected personal information like medical and health information.
In order to protect your physical data, never leave devices unattended and either secure them in a locked office or use a cable lock to prevent them from being taken. Use passwords and lock screens on all your devices and don’t store sensitive data directly on your devices if it can be avoided. Turn off your Bluetooth and WiFi when you aren’t using them, and don’t make your device discoverable on strange networks.
Learn more about physical data theft below.