We have come so far in understanding, measuring, and communicating basic information security factors. Yet, the challenge continues as a recent news story shows. A police chief assured the community that data from a stolen police laptop was secure:
"The police chief said he's been advised that it's unlikely anyone could access personal information stored on the stolen laptop because the battery is so old it barely functions without a companion power cord."
For the record, just because you cannot start a computer, does not mean the data it contains is secure. Data residing in nonvolatile memory, which remains intact even after the power is turned off, must be secured in ways to insure it cannot be accessed by other means. Encryption, device destruction, and data sanitization are normal methods which have proven to secure data if done correctly. Additionally, beyond the data exposure potential, the actual configuration of a lost device, both in hardware and software, may expose ways for an unauthorized external computer to gain access to the secured network.
Caution to the wise. Any device which stores data should be addressed before it is abandoned, sold, or reused outside of your control. This includes PC's, printers, network gear, hard drives, and USB sticks. Data destruction is important. Knowing how data can be exposed is the first step in avoiding unfortunate data loss situations.