lenkacutie
03-10-2006, 12:57 PM
Protect Your Laptop
January 2006 — Laptops are a prime target of thieves -- a small, expensive device that's usually not tied down to anything. About 600,000 laptops are stolen every year in the United States. Unfortunately, it's no longer a simple case of stolen hardware when that laptop contains clients' personal data -- now it's a security breach.
--------------------------------------------------------------------------------
Recent case studies of this problem surfaced in Minneapolis, where an Ameriprise employee's work laptop was stolen from his car, along with the data for 226,000 customers. Across the country in Washington state, a small-business laptop containing 18 years worth of customer data fell into the hands of a thief.
The U.S. workforce is increasingly mobile, and with that mobility comes higher security risks. Important and confidential data is no longer tucked safely behind the doors of corporate headquarters. Companies now depend on their employees to take the proper safety precautions with work data.
According to Chaim Yudkowsky, a technology consultant and president of Byte of Success, the problem becomes more complex than laptops now that harddisks, stick memory cards, and even iPods are being used for data backup. In addition, "the loss in the case of a laptop may not be limited to the data on the device, but may also include programmed or saved logins on the laptop's browser, applications, and even a listing of other corporate passwords saved on or with the computer," he explained.
Yudkowsky said there are security options for laptop owners (and companies who give employees laptops):
Encryption. There is software encryption, for example PGP Whole Disk, that locks down the content of the device from tools that may bypass the operating system password protection.
Stronger authentication. Some laptop manufacturers such as IBM sell laptops with a fingerprint pad to obviate the ability to access the contents of the machine without the owner's finger. There are other products and techniques to accomplish this.
Machine GPS. This is the equivalent of buying insurance for a laptop, but with high probability of actually retrieving it from the thief. A global positioning system is installed on the laptop and dials into a monitoring system every day. If stolen, the owner notifies the monitor, which locates the laptop and, through the help of local law enforcement, retrieves the laptop. Machine GPS can also destroy the data on the laptop if the laptop cannot be retrieved. Lojack for Laptops (lojackforlaptops.com) is just one of the companies offering this service.
Pervasive asset management. This is a way of combining asset management and Lojack qualities. This is not as foolproof as Lojack. This approach likely assumes that theft and loss is mostly committed by an employee or someone who had a right of access to the machine, not a complete stranger.
Exit inspections. A physical exit inspection when the employee leaves the building uses either visual or software tools to inspect a laptop before it is permitted to walk out the door with any data.
Stopping it from ever happening. A business may restrict access for download of large caches of proprietary data from ever making their way to a laptop. This is a combination of communicated and software-enforced security policy of access.
"The last two may be difficult for the enlightened and empowered user to absorb," said Yudkowsky, "but increasingly you see exit inspection of personnel (including magnometers) as they leave places where they have access to high value equipment or IT. Some of these employers even prohibit camera phones and other risky devices from ever entering the workplace."
He also noted that all of these options will add cost and complexity to the efficiency and productivity of a mobile device.
And take heed: customer databases are not the only security risk. According to a Symantec study in Europe, the average estimated value of data stored in a laptop's email alone exceeded $800,000, or 500 hundred times the amount of the laptop's hardware.
January 2006 — Laptops are a prime target of thieves -- a small, expensive device that's usually not tied down to anything. About 600,000 laptops are stolen every year in the United States. Unfortunately, it's no longer a simple case of stolen hardware when that laptop contains clients' personal data -- now it's a security breach.
--------------------------------------------------------------------------------
Recent case studies of this problem surfaced in Minneapolis, where an Ameriprise employee's work laptop was stolen from his car, along with the data for 226,000 customers. Across the country in Washington state, a small-business laptop containing 18 years worth of customer data fell into the hands of a thief.
The U.S. workforce is increasingly mobile, and with that mobility comes higher security risks. Important and confidential data is no longer tucked safely behind the doors of corporate headquarters. Companies now depend on their employees to take the proper safety precautions with work data.
According to Chaim Yudkowsky, a technology consultant and president of Byte of Success, the problem becomes more complex than laptops now that harddisks, stick memory cards, and even iPods are being used for data backup. In addition, "the loss in the case of a laptop may not be limited to the data on the device, but may also include programmed or saved logins on the laptop's browser, applications, and even a listing of other corporate passwords saved on or with the computer," he explained.
Yudkowsky said there are security options for laptop owners (and companies who give employees laptops):
Encryption. There is software encryption, for example PGP Whole Disk, that locks down the content of the device from tools that may bypass the operating system password protection.
Stronger authentication. Some laptop manufacturers such as IBM sell laptops with a fingerprint pad to obviate the ability to access the contents of the machine without the owner's finger. There are other products and techniques to accomplish this.
Machine GPS. This is the equivalent of buying insurance for a laptop, but with high probability of actually retrieving it from the thief. A global positioning system is installed on the laptop and dials into a monitoring system every day. If stolen, the owner notifies the monitor, which locates the laptop and, through the help of local law enforcement, retrieves the laptop. Machine GPS can also destroy the data on the laptop if the laptop cannot be retrieved. Lojack for Laptops (lojackforlaptops.com) is just one of the companies offering this service.
Pervasive asset management. This is a way of combining asset management and Lojack qualities. This is not as foolproof as Lojack. This approach likely assumes that theft and loss is mostly committed by an employee or someone who had a right of access to the machine, not a complete stranger.
Exit inspections. A physical exit inspection when the employee leaves the building uses either visual or software tools to inspect a laptop before it is permitted to walk out the door with any data.
Stopping it from ever happening. A business may restrict access for download of large caches of proprietary data from ever making their way to a laptop. This is a combination of communicated and software-enforced security policy of access.
"The last two may be difficult for the enlightened and empowered user to absorb," said Yudkowsky, "but increasingly you see exit inspection of personnel (including magnometers) as they leave places where they have access to high value equipment or IT. Some of these employers even prohibit camera phones and other risky devices from ever entering the workplace."
He also noted that all of these options will add cost and complexity to the efficiency and productivity of a mobile device.
And take heed: customer databases are not the only security risk. According to a Symantec study in Europe, the average estimated value of data stored in a laptop's email alone exceeded $800,000, or 500 hundred times the amount of the laptop's hardware.