Data security is a big deal. Last year professional services network PwC found that (PDF) the most serious data breaches cost UK small businesses on average between £75,000 and £311,000.
Interestingly, while most people accept the risks of cyber attacks, many still fail to realise quite how costly something as simple as a lost laptop can be. A US study (PDF) by Intel and the Ponemon Institute suggests that the average cost of a lost laptop to a business is over $49,000 (£34,000) – a serious price for a small business and even more so for an independent consultant.
Here's a look at the factors that contribute to this sizeable sum.
1. Intellectual property
According to one estimate, businesses keep 28% of their data solely on laptops and mobile devices carried by mobile workers. This means that if you lose the device, you risk losing information that’s vital to your current and future projects.
If you’ve ever lost important client data, you’re not alone…
What happened to the consultant who lost his laptop on the train?
Ensuring data is encrypted, as US space agency NASA did after their own laptop losses in 2012, is one way to protect important data stored directly on your laptop hard drive. However, if you’re more worried about accessing your files in the event of a lost laptop, then cloud storage may be the answer.
Syncing files to secure accounts with trusted third-party providers, who store your information on remote servers, will ensure that a lost laptop doesn’t necessarily mean lost data.
2. Disruption to daily business
Even if you back-up regularly, dealing with the fallout of a lost laptop is a major drain on your time and productivity. A 2015 PwC survey (PDF) found that dealing with a data breach costs small businesses between 13 and 24 man days: that equates to a financial hit of between £3,000 and £10,000.
The costs could stretch even further when it comes to lost laptops. As well as lost project data, there’s the investigation into how the laptop was lost, dealing with police and clients, and attempting to recover both the device and the data. In serious cases, investigations can last for years. For example, Rotherham Council’s attempted cover-up of personal data lost in 2011 resulted in the Casey Report – a government investigation that wasn’t completed until 2015.
While these kind of post mortems won’t be the norm for many independent consultants, they provide a hard-hitting insight into the potential disruption and long-term impact lost laptops can have.
3. Confidential data
If you lose a laptop that contains sensitive personal information, whether its customer, financial or HR related, you’re in breach of Principle 7 of the Data Protection Act. That means you’re open to costly legal action by those individuals whose data you’ve lost.
Just last year, the Crown Prosecution Service was fined £200,000 after laptops containing videos of police interviews were stolen from a residential flat used by the film company in control of the videos. The incident revealed that unencrypted DVDs were being delivered to the flat via courier, in contravention of the Data Protection Act.
This particular case also illustrates how a data loss can impact the client as well as the consultant – not a prospect any independent advisor wants to face, which leads us onto our next point…
4. Reputational risk
Late in 2013, Coca-Cola’s HR department took a hit when it emerged that the personal information of some 74,000 former employees was compromised when a former employee entrusted with the task of recycling old laptops stole them instead.
As you'd expect, the US Office of Inadequate Security wasn't terribly impressed, and the incident received widespread press coverage. Meanwhile, data protection experts Clearswift questioned the absence of Data Loss Protection (DLP) policies and software, which could have ensured that sensitive information could not be removed from the devices.
What the Coca-Cola incident also tells us is that taking proper care of your digital assets, both through protection of your laptop and sufficient DLP measures, can mean the difference between crisis and catastrophe when it comes to lost data.
5. The burden of rebuilding
Even on a simpler, day-to-day basis, recovering from a lost laptop can hit businesses and consultants hard. In an excellent account of his own experience with a stolen laptop, Guardian tech journalist Keith Stuart talks about how upsetting and confusing the experience was, and how important the familiarity of your laptop setup is.
Carefully considering what data you really need to store on a device you carry around with you, encrypting and password-protecting what you do keep, and backing up regularly can all help to limit the impact of losing your laptop. However, as the high-profile examples we've discussed clearly show, these types of accidents can happen to organisations of any size – and no-one is immune to making the odd honest mistake.