The Swimmer Drowns



For me it was a very embarrassing experience. "Computer
Editor saab, aap ka laptop chori ho gaya" was the first thing I heard when
I returned home that evening with a heavy heart. This was my elderly neighbor,
who always called me as Computer Editor, just because I edit an IT trade
magazine. But it was his stark sarcasm that made me realize that being careless
with my laptop was the last thing he expected from me. The fact that I realized
(and was made to realize next day in my office) was that the value of the data
stored in my laptop was far more than the laptop itself. My old neighbor
obviously did not know about this, otherwise he would have taken one more pot
shot at me. And since I had no passwords or any form of security protection for
all the data on my laptop, I am sure the thief who stole my laptop from my car,
would have got all the valuable (as well as useless) data residing on my laptop.

There is no way IT
managers, who also have to be role models for all other users in their
organizations, can become victims of device and data theft

What surprises me, and at the same time gives me a lot of
consolation, almost 18 months after my laptop was stolen, is a survey report
according to which IT managers-I hope they are not the CIOs-are very callous
about security. This 2005 survey, which covered 73 IT managers, out of which 25
came from organizations employing more than 1000 people, found out that almost
22% of the IT managers had lost their mobile device such as PDAs and smartphones.

And with it they lost sensitive and valuable information like
corporate spreadsheets, emails, PPTs, personal names and addresses, business
names and addresses, telephone diary, bank account details and other passwords.
Worse, almost 81% of these so called experts, people who are also expected to be
more security sensitive, admitted that they had not put any passwords or
encryptions. Yes, valuable information could fall into wrong hands, namely, the
competitor.

The story does not end here. Only 40% of the victims reported
the matter to the police, because a majority felt that the police will really
not be able to do much and that it will a waste of time going to them.
Interestingly, my experience was similar. The Gurgaon police refused to register
an FIR, asking what proof I had that my laptop was stolen, and if I could prove
that, then what proof did I have that it was my laptop, and so on and so forth.
In other words, they refused to help me.

A clear and increasing trend is that professionals are storing
lots of data on their mobile devices-and not just laptops but also PDAs and
phones. Interestingly, the same survey for the year 2004 had reported 16% cases
of loss of these devices, as against 22% in 2005. Clearly, the rate of such
incidents is on the increase. Therefore, there is no way IT managers, who also
have to be role models for all other users in their organizations, can be so
callous. It is these IT managers who chalk out the company’s technology
roadmap and influence IT adoption. If they cannot take care of security, who
will?

Actually, organizations will have to take note of this and start
formulating some kind of a policy that safeguards such devices and all the
information stored on them. With so many gadgets available today including
digicams, pen drives, and iPODs, which carry around personal as well as
corporate information, vulnerability will only be on the rise.

Secondly, they will have to sensitize their IT managers and CIOs to be extra
careful, and not fall prey. I would even venture to suggest that they should let
CIOs go through a special program to educate them about the latest trends in
threat to mobile devices. Otherwise, like an overconfident swimmer, the CIO will
drown, and also pull the company down with him.

Leave a Reply

Your email address will not be published. Required fields are marked *