When it comes to security there are certain companies that simply cannot afford a high profile snafu. My company for example is into eBanking and so we have really strict security requirements. While I believe in the real world nothing is 100% safe, not even the bank vault that holds the money, it is important to at least rid yourself of low hanging fruit! Most thieves want maximum impact with minimum effort/time. Having previously worked for an IS company in the Health Care Industry, patient information was by law suppose to be treated like nuggets of gold and we, the IS department, were to act like leprechauns running from all the people that would wanted to make a quick buck.
In industries such as these it not always the Social Security Number that allows the bad guys to do bad things, it is a composite of apparently mundane information that can provide enough of a foothold for someone to get even more critical or damaging data. A manager I once had described it in military terms. For example, if the army started stock piling socks and army boots for 2 month, this information by itself would appear harmless. Well what if we also found that they were stockpiling rations, and that they expected an increase in water per soldier. The pieces of data may lead to a conclusion that should have been classified e.g. increase infantry troops in the Middle East, or wherever, or even whatever. The point is information in all its forms should be secure.
Use of notebooks and laptops have ballooned over the last few years and while our connections are secure, and passwords 20 characters long, simple theft is still an issue. Pointec provides industry leading encryption software, some of their sale info suggests that "60% of information theft results from lost or stolen equipment; only 25% from network intrusion. In short, every laptop, PC, PDA or smart phone is a potential weak point - unless you have Pointsec encryption software."
Something to think about!
"The secret of getting ahead is getting started." - Agatha Christie