Enforce Policies on Lost or Stolen Devices
Forty-three percent of data breaches are due to lost or stolen devices, with smartphones and tablets outranking desktop and laptop computers as the devices most likely to go missing. There are numerous examples of employee negligence-related data leakage. At Oregon Health & Science University (OHSU) the PHI of approximately 1,000 patients was exposed when an unencrypted laptop was stolen from an employee's car. In a separate breach, also at OHSU, the PHI of 14,000 patients was compromised when an unencrypted thumb drive was stolen from an employee who brought it home without authorization.
Even when devices are stolen, encryption can prevent data getting into the wrong hands. This makes it vital for organizations to not only implement clearly-defined procedures for protecting mobile and employee-owned devices, but also to enforce them.