Theft of laptops and other mobile devices is spiraling, and the consequences – financial and other – are getting increasingly dire.
These two disconcerting realities are attested to by survey findings from a range of different organizations:
- More than 81 per cent of companies reported the loss of one or more laptops containing sensitive information between 2005 and 2006 – Ponemon Institute
- Financial losses from laptop theft exceed $6.7 million. Around 97 per cent of stolen computers are never recovered – FBI Computer Crime & Security Survey
- A data breach involving personal customer information can cost a company $268,000 in reporting expenses, a recent survey by McAfee and Datamonitor indicates.
Despite the irreparable harm such losses/theft – and potential data breaches that result from them – can cause to a company’s reputation and bottomline, research indicates North American businesses aren’t doing enough to protect themselves.
Around 73 per cent of companies surveyed by analyst firm Gartner Group in Stamford, Conn. didn’t have a specific security policy for their laptops.
And it’s not so much the cost of securing mobile devices – and the data on them – that is the issue, according to one Canadian analyst.
There isn’t any shortage of easy to use, inexpensive laptop security tools in the market today, says James Quin, senior research analyst at consultancy firm Info-Tech Research Group, in London, Ont.
Commercial encryption software can be purchased for as low as $50 to $80, he notes.
The real issue, the analyst says has to do with a lack of employee awareness and education.
To remedy this we’ve put together five tips on information workers can use immediately to protect their laptops and data from loss and theft.
Some of these may seem self-evident, but it’s amazing how little they are practiced.
1. Dock it or lock it up
Nearly 40 per cent of laptop theft occurs in the office. It can be prevented by using a docking station permanently attached to your desk with a feature that locks the laptop in place.
More than 80 per cent of laptops in the market today are equipped with a universal security slot.
This allows users to attach a cable lock or laptop alarm to the machine. These devices might not foil bolt cutters but they can deter most casual thieves. Locks and alarms usually retail for $30 to $50.
While your laptop may be tethered, thieves can still get away with the PCMCIA NIC card or modem that is sticking on the side of your machine. Consider ejecting these cards and keeping them in a safe place when not in use.
2. Tag your laptop for quick recovery
Permanently marking or engraving the outer case of your laptop with your company name, address and phone number is the most basic way of increasing the odds of your machine being returned should it be carelessly misplaced.
Such a marking might also deter thieves, as it could make it harder to resell your machine.
Asset recovery service providers offer tags that cost anywhere from $5 to $10 each. Typically the tags come with a 24-hour 800 number which finders can call to report the recovery. Finders are also offered a reward.
Some of the companies offering such services include TrackITBack, YouGetItBack.com, BoomergangIt, ArmorTag and zReturn.
Also consider filing out those manufacturer registration cards. It’s a very slim possibility, but if a thief ever sends in the machine for maintenance, this could raise a flag. Keep a record of laptop series numbers this.
This will help authorities determine ownership when the laptop is recovered.
3. Use tracking software
Many vendors offer software products that enable your laptop to stealthily send out a signal to tracking centres in the event the machine is stolen.
The device connects to the Internet and uses GPS technology to alert the service provider or the police of the laptop’s location.
Some of the providers and their starting prices include: CompuTrace ($50 per year), zTrace Technology ($50 per year), Inspice ($30 per year), Brigadoon’s PC PhoneHome ($30 lifetime fee), and Stealth Signal’s XTool Laptop Tracker ($40 per year).
Organizations such as government agencies, police and military services or healthcare providers, should consider laptops pre-equipped with tracking devices, said Susan Black, national sales and marketing manager at Mississauga, Ont.-based Panasonic Canada Inc.
For instance, she said Panasonic laptops come with built-in hard drive encryption tools, embedded asset tracking software from CompuTrace and fingerprint scanners that allow only registered users access to the machine.
Some top-of-the-line tracking products enable administrators to remotely delete data from a stolen machine.
4. Deploy a strong BIOS password
Thwart data thieves by password protecting the basic input/output system (BIOS).
The primary function of the BIOS is to identify and initiate component hardware to prepare the laptop so software programs stored on the machine can load, execute and assume control of the laptop.
Some laptop manufacturers have stronger BIOS than others. Find out if the BIOS password locks the hard drive so it can’t be removed and reinstalled into a similar machine.
5. Back Up and encrypt data
Always make sure to backup sensitive data. This doesn’t have to take a long time you can use built-in backup utilities that come with most operating systems.
If your network doesn’t have disk space for back ups, you can consider other offerings such as external hard drives, CD-Rs, tape back-up, even USB flash drives or online storage service.
There are also numerous vendors now offering data encryption tools that render information intelligible to anyone who does not have the proper decryption keys.
Another option is to employ a company virtual private network that encrypts data.
Info-Tech’s Quin said there are also many free alternatives available. For instance, Microsoft offers an encryption tool native to its operating system.
“Users only need to activate the Windows encrypting file system (EFS) on their laptop but many people are not aware of it”.
The EFS previously suffered from negative publicity because of a reports that it had an inferior management system.
But Quin said this has improved over the years to match many commercial encryption tools.
Another option is Truecrypt – an encryption tool available for free downloading.
“This is a very powerful tool but it is hindered by the lack of central management capability,” said Quin.
Companies deploying a large fleet of laptops might skip Truecrypt but the tool would be ideal for individual professionals or small businesses, he said.