It would be hard not to have this week’s tip center around the massive data breach in Oklahoma (our home state), which centered upon a stolen Oklahoma Department of Human Services laptop.

So, let’s do that indeed.

According to officials at DHS, the system was protected by “multiple passwords” and a person would “have to be a rocket scientist” to get past that. I have already seen some of the ridicule this has drawn on Twitter (for example), and I assume you have too. I recently appeared on two Oklahoma news stations (here and here) to discuss.

When the underlying data isn’t encrypted, having “passwords” to protect things does not inspire 1 million people to be super-confident. It’s certainly true that the thief himself is very unlikely to be a so-called “rocket scientist.” When he sells the laptop upstream (for a lot of money) to a rocket scientist? Well, good luck, and watch your credit report, Oklahomans.

The Tip of the Week, then, is a more general concept: get serious. If your organization manages sensitive data, get serious. If you have client or customer data, get serious. If you have email, internal memos, proprietary documents, or browser-stored passwords, get serious.

MyLaptopGPS is serious, and solid laptop protection is our mission. We could have protected hundreds or even thousands of laptops for their entire life cycles merely for the same amount that OK DHS has already spent merely postage and mailing to notify the victims. Protecting the fleet would be a great thing.

We, and many other advocates, have been trumpeting the “get serious” message for years. But obviously the message isn’t getting through very well. Furthermore, the Ponemon Institute, which sets the industry gold standard for mobile data breach research, emphasizes the fact that folks still just aren’t getting it when it comes to mobile data security.

If folks were “getting it” then perhaps we could stop repeating it.

But for now we, and Ponemon, and others, will continue the drumbeat.