The raft of data breaches involving lost laptops and mobile devices that occurred last year, both in the government and private sector, led to a rash of organisations running out to encrypt these mobile devices. While an effective tool in helping to secure data on mobile devices, encryption by itself is not a silver bullet nor the answer to the problem. You still need to ensure that people minimise the amount of sensitive data they store on mobile devices and most importantly that they are properly trained and educated in how to use the technology employed to protect that data.
This story from the Lancashire Evening Post is a prime example of where security is the effective combination of People, Process and Technology. The story reports on how a USB key containing medical details of over 6,300 prisoners was lost. The good news is that the USB key was encrypted, however the bad news is that the pass-phrase to decrypt the information was attached to the USB key. This in reality makes the encryption worthless and provides no security to that data.
So remember when deploying technology to enhance the security of your organisations remember to ensure that those who will be using that technology are properly trained in its use.