Once again one hears of a Building Society not encrypting its laptops, coupled with poor physical security and password management by its employeees.

In this instance, an unencrypted laptop belonging to the (former) Chelsea Building Society (which in April 2010 merged with Yorkshire Building Society), was stolen from its Cheltenham premises.

It belonged to a former Chelsea Building Society employee who had been working from home and had returned it.

Although the laptop was password protected, it appears the officer Manager had written down the password (courtesy of the former employee) and left this in a bag with the laptop under a desk overnight – so hadn’t securely locked it away.

The laptop contained a substantial part of the Chelsea Building Society customer database, but was recovered within 48 hours, and forensic investigations revealed that none of the data had been accessed during that time, although there had been several attempts to do so.

A timely reminder that even if you have the correct Security etc procedures in place, whenever you take over another company, you need to ensure all areas are operating to the same standard (eg encryption). Particularly given that following a merger, there will be some staff changes, then as in this instance laptops containing customer data may be being surrendered, and need to be secured until they have been cleansed.

A recent survey by data security firm Imperva warned that 23% of UK employees will take customer lists and other sensitive data with them when they leave their employer. So you also have to watch out for the disgruntled employee who seeing a ‘spare’ laptop lying around under the desk decides to take it away with them.