Back in 2006, the Veteran’s Administration experienced a catastrophic case of identity theft attributable to a stolen employee laptop. The incident resulted in the VA compensating the affected individuals in an amount totaling $20 million. Realizing the cost of such a breach is much higher than any other preventative measures could be, the VA wisely chose to encrypt staffers’ laptops and desktops. Today, the VA says it has a verified encryption rate of 99 percent, with only a handful of computers unaccounted for.
As I mentioned in a previous blog, the White House issued a requirement for all agencies to have a plan for moving forward with a BYOD (“Bring Your Own Device”) capability by September of this year. Many agencies have struggled to find a way to prevail over the security issues they face with non-agency-issued devices, which has been the biggest hold up in moving forward with this initiative. However, with VA managing to overcome this obstacle and verify the encryption of nearly all devices agents use both in the office and on the road, I see the lingering excuse of an inability to keep sensitive information secure to be a flimsy one at best.
What security measures is your agency taking to make itself more BYOD capable?