Up to 50 per cent of companies in Australia's information technology and telecommunications (IT&T) sector have no IT security policy covering mobile computer devices such as laptops.
Alarmingly, it is Australia's IT&T sector that is below the national average in the security management stakes, according to a Computer Associates' survey of 61 large organisations in a range of industries including medical, industrial, manufacturing, finance, government and retail.
Banks and financial institutions are the worst hit sector for security attacks, but are the most security conscious, according to the survey. Some 20 or more security attacks hit around 40 per cent of those surveyed from the sector this year.
Banks also showed more nous with security policies, with 80 per cent of these policies covering laptops and other mobile computing devices. This is "well above the average of 58 per cent for all industries", according to CA's head of research and development Eugene Dozortsev.
"When half of your sales force operate laptops and [the laptops are] on the road for months and months, there have to be policies," he said.
"Security management must be centralised from one location, and the IT manager should have limited access."
Andrew Hennell, national president of the System Administrators Guild of Australia (Sage) and independent IT consultant, agrees security policies surrounding laptops need to be in place.
"Policies should be in place to limit the amount of data stored on notebook computers, and to ensure that e-mails are stored on a mail server rather than downloaded to the notebook," Hennell said.
"Notebook computers [can] contain, among other things, e-mails, communications, letters, memos, client lists, network passwords and supplier information. Securing this data is made more difficult by the fact that the notebook is mobile, and often not on the premises of the company.
"Sensitive data should be encrypted to ensure that, in the event of the theft of the notebook, a third party cannot access confidential data.
"The Privacy Commissioner recently flagged confidential data on stolen notebooks as a concern. In the event of an employee being terminated, it may be best to secure the notebook well in advance of the termination," Hennell said.