It seems that at least twice a month we are hearing about a health care organization that has had a data breach because of a lost or stolen laptop. Every time I read about a new breach I shake my head and ask myself: why aren’t these organizations using encryption to protect the contents of the laptops? I have come up with 2 conclusions:
- The organizations are not familiar with encryption technology and think it is too complex to implement
- The organizations think that implementing encryption technology is too expensive and cost prohibitive
So I thought I would take a few minutes to hopefully help enlighten some people on just how easy it is to implement encryption and how affordable encryption is.
There are many encryption products on the market. Some are free, such as TrueCrypt, while others vary in cost and complexity. PGP is one of the leaders in encryption and has recently been purchased by Symantec Corporation. PGP deployments range from a few laptops to 1,000s of laptops in an enterprise. PGP usually requires some infrastructure setup that allows administrators to control policies, safeguard encryption keys and monitor which laptops have been encrypted. There is some complexity associated with setting up and deploying PGP encryption.
A product that we have been using for ourselves and our clients is called AlertBoot. AlertBoot is an easy-to-install encryption product that encrypts the laptop’s entire hard drive. The install is web based from AlertBoot’s site and is very easy and painless. Depending on the size and speed of the hard drive, it can take anywhere from 30 minutes to 4 hours to encrypt the drive. You can even use the laptop while it is doing the one-time encryption. There is no risk of losing the encryption password and then being locked out of the laptop. AlertBoot has 7×24 hour support that can help a user recover a lost encryption password.
AlertBoot Support, Password Recovery, and Helpdesk
Forget your password? Have a question about AlertBoot? Don’t worry: help is always just a phone call away. AlertDesk is your personal helpdesk for password recovery and assistance— open 24 hours a day, 7 days a week, 365 days a year.
AlertDesk is completely secure and confidential. You’ll be challenged with security questions as a safety precaution to verify your identity. AlertDesk Support will never have access to your devices or your personal data.
AlertBoot encryption costs $12.95 per month per laptop. There is a 10% savings if you prepay for the year. So for around $150/year per laptop you can fully encrypt the contents of the hard drive.
Now to be clear, AlertBoot is just one of the many products on the market and I am only using them as an example because I am familiar with the technology and their monthly cost per laptop makes it easy to calculate the true cost of encrypting each laptop.
So say you have 10 laptops in your organization: you are looking at $130 a month to encrypt all 10 laptops. That to me is a very reasonable price to pay to ensure that you are protecting the data on each laptop, complying with HIPAA regulations and ensuring that any patient data on the laptop is secure and protected.
To put the costs into perspective, let’s take a look at some estimates of the cost if a laptop is lost or stolen. The Ponemon study (PDF) titled “The Cost of a Lost Laptop”, published on April 22, 2009, reports the following:
- The average value of a lost laptop is $49,246. This value is based on seven cost components: replacement cost, detection, forensics, data breach, lost intellectual property costs, lost productivity and legal, consulting and regulatory expenses.
- What makes a lost laptop costly to a company is the potential for a data breach to occur. In the cases we studied, the occurrence of a data breach represents 80% of the cost.
- Encryption makes a difference. There is almost a $20,000 difference between lost laptops that had encryption installed versus those that did not have encryption.
- The cost of a lost laptop varies by industry. The average full cost of a lost laptop is highest for services industry ($112,853) followed by financial services ($71,820), healthcare ($67,873) and pharmaceutical ($50,393). The industries with the lowest average cost per lost laptop are retail ($8,756), consumer products ($2,194) and manufacturing ($2,184).
- The average data breach cost of a lost laptop also varies by industry. The highest average data breach cost is in the services industry ($108,699) followed by financial services ($68,862), healthcare ($43,547) and pharmaceutical ($42,027). The lowest average data breach cost is for government ($12,017) followed by retail ($3,620) and manufacturing ($44).
According to the report, the use of encryption can reduce the cost of a lost laptop by $20,000. That makes the $12.95/mo seem incredibly cheap. And now that you know encryption is easy to install and the risk of being locked out of the laptop is not an issue, you should seriously consider encrypting each of your laptops. There really is no good excuse not to implement laptop encryption.