It’s becoming clearer these days that not only are organizations woefully “behind” on their data security projects, but even those who do take action tend to leave their infrastructure only moderately secure.

An interesting article based on a survey from Information Week highlights some of the issues, not the least of which is that only 14% of survey respondents say encryption is “pervasive” in their organizations, and only 38% encrypt data on mobile devices. Furthermore, 31% characterize the extent of their use as “just enough to meet regulatory requirements.”

Rather than bantering statistics around all day, it’s important to focus on the key issues (no pun intended), and a generally distasteful attitude toward security is clearly pervasive. The “security department” is generally the last one invited to the company cocktail party, and IT security personnel are often seen as the spoilers of usability and productivity.

It’s a tough dichotomy, and never seems to end.

But it’s important for your business’ security approach to be as strong as reasonable, not merely “as weak as we can tolerate.” One application of this philosophy is in the realm of encryption, where a comprehensive approach should encrypt all data, or as much as is reasonably possible, rather than relying on employees to only place sensitive data in one or two “secure” folders, or hit-and-miss across the hard drive. Relying on employees in that way is akin to having no encryption at all, and expecting employees “not to store data” on the mobile device.

Interestingly, even that last method is most common.

Encryption can be both effective and user-friendly, and it can operate with little to no impact on system performance. So use it comprehensively!