Laptop Theft - An Insider’s Guide To Not Becoming Another Statistic
by Martin Allen - MD of Pointsec - Monday, 4 July 2005.
1. Never leave the laptop unattended in a public place.

2. Never leave a laptop on a desktop at lunch, while in a meeting or overnight.

3. Never put a laptop in hold baggage.

4. If in a restaurant or bar, always ensure that the bag containing the laptop cannot be snatched. Put the shoulder strap under your chair leg.

5. If you need to visit the bathroom, take your bag with you unless you are with a trusted colleague who you have asked to “mind” your laptop.

6. Laptop bags might look like the ideal place to keep your laptop but they stand out a mile. Try to keep the laptop in a less obvious bag such as a briefcase.

7. When in a hotel, store the laptop in the room safe, even when just going for breakfast, dinner or to use the gym. If the room doesn’t have a safe, take it to the front desk and have the hotel store it for you.

8. Never leave the laptop or the bag containing the laptop on show in the car, even if you are in the car with it. Many a bag has been snatched through a car window while stopped in traffic.

9. If you need to leave the laptop in the car, conceal it in the boot.

10. Never leave it in the boot for long periods and never leave it overnight.

These might all seem like commonsense items but for every single entry in this list you will find people who have lost their computers by not taking precautions.

What about data? Protection of corporate data is critical today. You could argue that employees should not have sensitive information on their laptop when out of the office. While this would be nice, the reality is that the laptop is a working environment. This means that the person carrying the laptop needs that data in order to do some form of work.

So what can you do?

1. Use strong but memorable passwords. – Too many people write down passwords because the password policy is unworkable. You could dispense with conventional passwords and use Pointsec PicturePIN which consists of a series of pictures so that the user simply points out the pictures corresponding to “his” story. Not only is this system just as secure as traditional passwords, but it’s easier to remember with no chance that you’ll be tempted to write your “password” down.

2. Encrypt the data on the disk. – This will ensure that even if the disk can be accessed, the data is secure. Make sure the encryption is seamless and quick, and managed centrally, so that the user cannot circumvent it.

3. Educate users about the risks of carrying too much data and do regular audits to ensure that non-essential data is deleted. – It’s too easy to just “leave” data on the computer after it is no longer needed. An audit policy designed as part of a risk assessment process will reduce the impact of data loss and ensure you know exactly “what” has been lost.

4. Have a backup mechanism that makes it easy for users to take copies of data daily while traveling. – Most laptops have CD or even DVD Read/Write capabilities so supply blank media to mobile workers. This can then be used as a backup when they return to the office and kept with other backup tapes and disks.

5. Have a Laptop Protection Policy. – This is a document that outlines the responsibility of the user and how they should treat their laptop and data. It is no less important than any other corporate email or data policy and, as such, should be part of the employee’s contract of employment.

All of these processes can be put in place very quickly but the biggest challenge is education. Without a clear Laptop Protection Policy everything else is window dressing. Even with a policy and procedures there can be no absolute guarantee that it will reduce the number of laptops stolen each year. Indeed, as the trend of replacing desktop computers with laptops continues, there will be many more devices for the thieves to target.

