Our first reaction upon hearing that another laptop loaded with sensitive information had disappeared -- in this case, from GE -- was resignation.
In this case, about 50,000 employees' private data may have been compromised, according to reports. At least the device was taken from a locked hotel room, not an unattended table at an airport lounge.
After shaking our heads, we read the comment by a vice president at Protegrity. We don't want to pick on the guy because, as reporters, we're aware that snippets of an interview taken out of context can make a serious quote seem funny or flippant.
The problem is that what the analyst says probably is true.
He was commenting that the recent rash of lost or stolen laptops hasn't led to an increase in online criminal behavior. The wording surrounding the quote is a bit confusing, but the Protegrity VP suggests that people smart enough to want to use the data on the machine also are smart enough to know that there are easier ways to get it than breaking into a hotel room.
So the good news is that people ripping off laptops are run-of-the-mill thugs.
This is a very dangerous line of thought, however. Anything that provides companies with a rationale for not doing the difficult job of encrypting data and enforcing other mobile device policies is a bad thing.
It's a slippery slope: If the thieves are garden variety punks, why go to the trouble and expense of protecting the data?
The Protegrity exec may be entirely correct. But enterprises must assume that any data that leaves the enterprise -- either on laptops, in the air or on cables -- will be exploited to its fullest if it ends up in the wrong hands.