For tech pros, the annual Black Hat conference in Las Vegas is a “must” event, featuring the latest cybersecurity trends and learnings. It is where the good guys go to learn what the bad guys do. And it’s increasingly influential…because cybercrime is on the rise.
In advance of Black Hat, cybersecurity vendor AlertSec provided me with some eye-opening new research data. They recently surveyed the ways that people expose themselves to security threats while using a laptop. It showed an astonishing 46 percent of people admit making themselves vulnerable to having their computers and data stolen. These exposures include:
- Leaving the laptop unattended (13.2 percent)
- Leaving the laptop in the car (13.1 percent)
- Declining regular security updates (10.4 percent)
- Attaching login information to the device (5.4 percent)
- Flying with a laptop in checked luggage (4.3 percent)
Given this reality, it is puzzling that the world’s largest technical information security conference doesn’t address laptop encryption – the most basic means people have to protect data and personal information.
To learn about the “hows” and “whys” behind these numbers and the somewhat bewildering disinterest by Black Hat, I spoke with AlertSec CEO Ebba Blitz. From Blitz’s perspective, confusion and user inaction – as well as resulting industry apathy – are issues because computers in general and the numerous, sophisticated applications on each laptop are overcomplicated and more than most can handle.
The survey shows a majority of people don’t know about the security tools they’re using and can’t even guarantee what kind of security software is installed on their own laptops. So, it is unsurprising that more people could guarantee the use of ad blockers and anti-virus protection software than could guarantee that encryption software was installed on their machines. This alone should be cause for concern at all levels of IT.
Creeping complexity means that managing laptops and connected devices has become a challenging hassle. This is a reason parents frequently ask their kids for IT support, leaving security to others – because kids (and presumably IT pros) actually have the time and inclination to understand the connected devices that surround us. In fact, Blitz described a situation where she was discussing her cable TV with a service rep, and instead of speaking directly to her, the rep turned to her daughter, because “grownups don't understand anything.”
So, when “grownups don’t get it,” it is understandable that regular people and small businesses don’t maximize their physical and network “security posture.” Wishful thinking and a touch of denial are human nature – and bad things happen to the other guy! We don’t think we're going to have an accident or break a leg because we’re driving crazy or skiing badly. Or that our laptop gets stolen because we left it out in public. And the list goes on.
Daunting Security Challenges
While many continue with a security policy of benign neglect, enterprises maintain better security because machines are configured by IT departments, relieving users from complexity. For entrepreneurs and small businesses, the lack of IT creates a challenge, magnified when employees bring their own devices. This creates a real need for education about basic IT security hygiene, as well as the need to better secure laptops – which are stolen once every 53 seconds.
As an entrepreneur, ensure that you’ve installed antivirus, firewall and encryption software. Placing blind faith in the notion that we're just not that interesting to data thieves is simply denial. This creates potential for ugly surprises, given the evergreen stolen data market – particularly from laptops, which for even the smallest business contain proprietary information, intellectual property, customer records, login information, and data from third-party sources. All of it can be easily stolen and readily sold.
Blitz suggests entrepreneurs and small businesses think like enterprises and develop a cybersecurity preparedness plan, particularly focused on laptops. Start with good security hygiene, including software updates and patches, and leverage tools already in place, like antivirus software, personal firewalls, disk encryption, and multifactor authentication for increased security.
Laptops: Vulnerable and Overlooked
Starting with the laptop will help small businesses greatly reduce chances of a minor thing like a lost computer escalate into a costly data breach. Security pros must know that end-to-end laptop encryption provides the most fundamental means for protecting data and personal information, as well as customer and third-party data, and thus avoiding unnecessary headaches, acute embarrassment and added costs.
The benefits and importance of end-to-end laptop encryption should be obvious to everyone, including Black Hat. “With these findings in mind, the time is now for Black Hat to offer sessions on laptop encryption,” commented Blitz, “and for entrepreneurs and SMBs to protect the security of their most neglected, vulnerable and valuable asset—laptop data.”