I have been a regular user of trains for many years now and one of the "advantages" of public transport is sharing that time with other travellers. As I catch the 06:43 it fills with office workers, many of whom are keen to steal a march on the day ahead by switching on their laptops and ploughing into emails and spreadsheets.
What is bothering me is what hasn't changed. Without really spying, I see that nearly all the people seem to be using just their domain account to log into their device. No two steps, no two factors, no dongle. This leaves me wondering if small businesses (and some large – going by the lanyards) have still not even begun to take data security seriously: I am left thinking that most of the passenger's hard drives are not encrypted. If a thief took the laptop they could read the data at leisure.
Now, I could be wrong – I hope I am wrong - but good statistics on this are hard to find, and what if I am not wrong?
Protecting your businesses data from deliberate or accidental loss is a fundamental step towards best practice and is required for ISO27001 (Information security) and, in practice, GDPR compliance. In 2018, all businesses must ensure their data cannot be stolen as easily as one of their laptops can. Anything less will soon be considered negligent.
It is alarming that so many businesses may not have put their data security on track - and it is not hard to do. Most businesses that have taken the step are using Microsoft BitLocker to secure their hard drives from unwelcome eyes:
- Easy & Quick: Turning on BitLocker is a quick and very painless process for the laptop user
- Transparent & safe: Drive encryption (such as Microsoft BitLocker) is invisible to apps, so they will just keep working as they ever did.
- Cheap (well, free): BitLocker is included in the Microsoft Operating system