Alan Calder on IT Governance, information security & ISO 27001

According to Outlaw, a “global survey of 900 taxi drivers shows thousands of valuable mobile phones, PDAs and laptops are forgotten in taxis every day. Too often the devices are unsecured – and employers are urged to take responsibility.
Businesses are being urged to use the password and encryption facilities available on the recent crop of high memory capacity mobile smartphones to protect the data in the event of leaving the devices in the back of a cab.
In the last six months in London, 63,135 mobile phones, 5,838 PDAs and 4,973 laptops have been left in the city’s 24,000 licensed cabs. British cabbies also found a harp, a throne, £100,000 worth of diamonds, 37 milk bottles, a dog, a hamster, a suitcase from the fraud squad, and a baby.
In the past three and half years since the survey was first carried out there has been a sharp increase in the number of powerful, executive-focused mobile devices being forgotten in London taxis with 71% more laptops and 350% more PDAs being left than in 2001, which in the wrong hands could cause the owner and their company enormous damage.
The survey in London was conducted by TAXI, published by the Licensed Taxi Drivers Association, and mobile security experts Pointsec.”

One sometimes wonders why senior people – people considered mature enough to be issued with laptops, mobile phones and PDAs – are so incapable of looking after valuable data assets – their wilful negligence in relation to data protection and privacy regulation, as well as to confidentiality requirements, suggests the time is coming when people who lose one of these devices should be disciplined.

Thank heavens for the taxi drivers, who apparently re-united 80% of people with their cellphones and 96% of people with their laptops and PDAs. I hope they charged extra!

I thought that, by now, most organizations might have spotted the risk posed by USB sticks. Not so. I was in a household name organization a couple of days ago – one of those organizations were there’s restrictions on internet access, tight controls on software purchases, instant dismissal for breach of the Internet Acceptable Use Policy, and so on, and watched in stupefaction as the event organizer set up his slide presentation.
He pulled a USB stick from his pocket, put it into a port on his laptop – which was plugged into the network – and downloaded the presentation. I presumed that there must be some form of port protection installed but no.
In fact, I learned, this was the simple way that people who didn’t have laptops took work home – because of the internet gateway restrictions on document export to non-business addresses, staff simply put their work onto their (privately acquired) USB sticks, took it home, did their work, and then uploaded it again in the morning.
And no one seemed to think this was strange.