The Florida Department of Juvenile Justice (DJJ) had a mobile device containing 100,000 youth and employee records stolen on January 2, 2013. The device was unencrypted and not password protected despite a policy by the DJJ requiring both encryption and password protection on mobile devices. This latest breach further demonstrates the importance of encrypting mobile devices but more importantly, it shows that a policy alone is not enough. Organizations and government agencies need to make sure that employees are aware and adhering to their policies. Without this, such policies are worthless.
Do you have a mobile device encryption policy? If so, do you know if employees are following it? Don’t let this happen to you.