Security: Don't Spring a Data Leak - 'ZIFFPAGE TITLEFear Factors '

Fear Factors

Regions Financial, for one, has taken steps to seal the cracks. The 25,000-employee company, which operates 1,300 bank branches in 16 states, encrypts the entire hard drives of its thousands of laptops. (Zimmerman wouldn't name the encryption software Regions is using or say exactly how many laptops it maintains.)

Is scrambling every bit of data on every laptop overkill? Not to Zimmerman. "I can guarantee you that there would be confidential information on almost every laptop in the organization," he says.

But the danger of data leaks obviously extends beyond portable computers. Regions also uses software from Vericept to monitor all outgoing e-mail to make sure it doesn't include confidential information. The software uses statistical analysis on text in messages and attachments to find content that violates the company's policies. Most often, transgressions are accidental, Zimmerman notes: "People don't realize they've hit 'reply to all.'"

Some I.T. executives say portable storage devices—namely, thumb-size USB drives—scare them more than the possibility of a laptop vanishing. "If you were stealing something, why would you carry a laptop out the door when you could throw data on a 60-gigabyte USB drive?" asks Jim Brockett, chief information officer at Washington Trust Bank in Spokane, Wash.

Washington Trust this year plans to deploy software from security vendor NextSentry that will prevent any of its 900 employees' computers from using USB storage devices, and will provide other monitoring functions like flagging e-mail for certain keywords and phrases (say, "account number").

"We're not informing users about [the project]," Brockett says, "but we've let them know we have the right to monitor them."

NEXT: Mistakes Will Be Made