|
Mobile computing has become a lifeline for modern business people. But the laptop generation has had to cope with a concurrent increase in thefts, as opportunistic criminals target portable, high-value devices that also contain valuable information.
When laptops were first available, they were treated with great care and attention. To be given a laptop by your company marked you out as someone special. Today, the laptop is commonplace. They are no longer the possession of high powered business executives or IT developers. Everyone from geeks to the occasional home user is moving away from desktop computers to the laptop.
There are many reasons for this. Price, processor power, increased battery life, footprint on the desk and the move to an increasingly mobile lifestyle are just a few. The laptop has become so common that to many people, it's 'just another device'. But familiarity has bred carelessness. Almost every week a lost or stolen laptop makes the headlines. These stories only appear because the person or their job is considered high profile. Military chiefs, intelligence officers and even developers with personal credit card information have all been named and shamed, yet the losses continue.
Some cases are down to acts of simple theft. Putting a bag containing a laptop on the ground while buying a railway ticket, or leaving the laptop in the boot of a car are two common examples. Having it stolen while in a pub or restaurant, leaving it on a train, plane, in a taxi are also very common - the laptop has succeeded the umbrella in terms of the object of property people misplace the most.
So how bad is it? Recent UK police figures show that over 34,000 laptops are reported stolen each year. This is almost 100 a day and only reflects those that are actually reported to the police.
What does it cost? There is no definitive answer. You can insure a laptop for around 7.5% of its value, so a £1,000 laptop would cost £75. Once you add software to the laptop, you will need to inform your insurer and, depending on the cost of the software, pay an additional premium.
What about my data? Good question. What's your data worth to you? When did you last back it up? Basic insurance policies as described above will not include restitution of data. This service is generally part of a separate insurance policy for your business. A quick call to your insurance broker will establish what these premiums are, but expect to pay around £100 for data restitution costs of up to £5,000. This is only for restoring your data - effectively the cost of re-keying data or recovering a corrupted hard disk. It does not compensate you for unique data that you might have lost such as software under development or notes about customers. Many insurance companies will simply point out that you should have backed that data up.
A recurring theme in the recent stories, such as the US-based MCI employee whose laptop contained the personal details of 16,500 employees, is that identity theft is the key goal of laptop thieves. This is more likely to be a secondary gain to the thief rather than a major target and no police force or insurance agent would offer any figures to cover professional targeting of laptops for this purpose.
The same can be said of senior executives whose laptops get stolen. Generally, their top of the range technology are attractive items. While there is an increasing market in intellectual property, there are no statistics kept as to whether such information is actually traded, and for what sort of money. It is more likely that such information will be stolen by hackers.
Protecting against laptop and data theft would appear to be relatively easy but, in a business sense, is rarely so. Some basic steps for employees to follow in order to protect laptops include:
1. Never leave the laptop unattended in a public place.
2. Never leave a laptop on a desktop at lunch, while in a meeting or overnight.
3. Never put a laptop in hold baggage.
4. If in a restaurant or bar, always ensure that the bag containing the laptop cannot be snatched. Put the shoulder strap under your chair leg.
5. If you need to visit the bathroom, take your bag with you unless you are with a trusted colleague who you have asked to 'mind' your laptop.
6. Laptop bags might look like the ideal place to keep you laptop but they stand out a mile. Try and keep the laptop in a less obvious bag such as a briefcase.
7. When in a hotel, store the laptop in the room safe, even when just going for breakfast, dinner or to use the gym. If the room doesn't have a safe, take it to the front desk and have the hotel store it for you.
8. Never leave the laptop or the bag containing the laptop on show in the car, even if you are in the car with it. Many a bag has been snatched through a car window while stopped in traffic.
9. If you need to leave the laptop in the car, conceal it in the boot.
10. Never leave it in the boot for long periods and never leave it overnight.
These might all seem like commonsense items but for every single entry in this list you will find people who have lost their computers by not taking precautions.
What about data? Protection of corporate data is critical today. You could argue that employees should not have sensitive information on their laptop when out of the office. While this would be nice, the reality is that the laptop is a working environment. This means that the person carrying the laptop needs that data in order to do some form of work.
So what can you do?
1. Use strong but memorable passwords. Too many people write down passwords because the password policy is unworkable. You could dispense with conventional passwords and use Pointsec PicturePIN which consists of a series of pictures so that the user simply points out the pictures corresponding to 'his' story. Not only is this system just as secure as traditional passwords, but it's easier to remember with no chance that you'll be tempted to write your 'password' down.
2. Encrypt the data on the disk. ' This will ensure that even if the disk can be accessed, the data is secure. Make sure the encryption is seamless and quick, and managed centrally, so that the user cannot circumvent it.
3. Educate users about the risks of carrying too much data and do regular audits to ensure that non essential data is deleted. ' It's too easy to just 'leave' data on the computer after it is no longer needed. An audit policy design as part of a risk assessment process will reduce the impact of data loss and ensure you know exactly 'what' has been lost.
4. Have a backup mechanism that makes it easy for users to take copies of data daily while traveling. ' Most laptops have CD or even DVD Read/Write capabilities so supply blank media to mobile workers. This can then be used as a backup when they return to the office and kept with other backup tapes and disks.
5. Have a laptop protection policy.This is a document that outlines the responsibility of the user and how they should treat their laptop and data. It is no less important than any other corporate email or data policy and, as such, should be part of the employee's contract of employment.
All of these processes can be put in place very quickly but the biggest challenge is education. Without a clear laptop protection policy everything else is window dressing. Even with a policy and procedures there can be no absolute guarantee that it will reduce the number of laptops stolen each year. Indeed, as the trend of replacing desktop computers with laptops continues, there will be many more devices for the thieves to target.
What you can do, however, is make it harder for thieves to get hold of devices through the simple security steps outlined above. By encrypting data and good use of passwords, you can also ensure that the only value to the thief is from the sale of the laptop and not your data.
Don't become a statistic! |
