This past July, 10 laptop computers and nine external hard drives were stolen from a Naval headquarters office. Luckily, the theft turned out to be less damaging than it could have been: Only one of the laptops contained "high risk" information on fewer than a dozen people. The external hard drives were either still in their boxes or encrypted.
Theft isn't the only security risk for laptops and external hard drives, of course. You also need to protect yourself from forgetfulness-like leaving your computer at the airport security checkpoint or a thumb drive on the table at the coffee shop-while using Wi-Fi.
According to a white paper by the Ponemon Institute, "The Human Factor in Laptop Encryption: US Study," encryption is one of the most important security tools. The study found that:
"a high percentage of employees we surveyed in non-IT business functions (referred to as business managers in this report) are not taking such precautionary steps as using complex passwords, not sharing passwords, using a privacy shield, keeping their laptop physically safe when traveling or locking their laptop to protect sensitive and confidential data. Further, many respondents believe that encrypted solutions make it unnecessary to take other security measures."
In an InformationWeek article by J. Nicholas Hoover, the Navy's incident is given as a prime example of the growing importance of securing any and all portable devices. It's not enough to just encrypt laptops, but as Steve Muck, lead of the Navy's CIO privacy team stated in Hoover's article: "External hard drives are becoming as vulnerable as thumb drives," Muck wrote. "A best practice should be to physically secure them at the end of each work day."