We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

48 NASA Laptops Stolen in Two Years: A Case for Better Encryption Practices

It's not only businesses that need to worry about laptop security.

It's not only businesses that need to worry about laptop security.

Even NASA laptops are vulnerable to theft and poor security practices: 48 NASA laptops or mobile devices were stolen from America's space agency between April 2009 and April 2011, including one--unencrypted--laptop containing control codes for the International Space Station (ISS).

Although ISS does not appear to be in jeopardy, according to a NASA public affairs officer who spoke to the Security News Daily, the NASA security breaches underscore how serious and difficult a problem laptop and mobile device theft is--whether you're a government agency or a small business or an individual.

In his testimony last month before the Science, Space and Technology House subcommittee, NASA Inspector General Paul Martin admitted that only 1 percent of NASA's portable devices are encrypted. That leaves 99 percent of the agency's laptops and mobile devices left unprotected, storing possibly not just employees' personal data such as Social Security numbers, but also third-party intellectual property and perhaps space or government secrets (yes, I watched many episodes of Chuck).

Biggest Nightmare for a Business?

Lost laptops and lost mobile phones have long topped the list as the biggest nightmare for security chiefs and PR teams (see this Laptop Losers Hall of Shame for some older cringe-worthy stories). Why does encryption continue to pose such a big business challenge?

NASA offers a good example. It doesn't have an agency-wide data encryption system or solution. Individuals can encrypt a laptop at the file, folder, or drive level, but that could leave too much room for error or leave too much up to user discretion. A centralized, managed encryption solution for your whole fleet of mobile devices is a better idea, but obviously may involve more costly enterprise resources. Implementing such a system across a chain of command, with lots of people and systems involved, no doubt requires a lot of planning and commitment.

Considering that the average value of an individual lost laptop has been computed as more than $49,000, however, making sure each laptop is encrypted before it leaves the room with sensitive data on it is probably well worth the investment.

Follow Melanie Pinola (@melaniepinola) and Today@PCWorld on Twitter

IDG UK Sites

Sony Xperia Z3+ release date, price and specs: The Xperia Z4 for the UK

IDG UK Sites

Why Intel’s vision of the future is a future I want to live in

IDG UK Sites

10 amazing, creative uses of tech – and the brands behind them

IDG UK Sites

Jony Ive 'semi-retired' into new role: kicked upstairs as Chief Design Officer