Experts say laptops are the weak link in data security

New research has found that the frequency of laptop theft in the workplace is high. The findings mirrored those from last year, which indicated a similar lack of security surrounding the use of portable computers. This apparent trend in laptop theft underscores the need for companies to guard laptops—and the information allowed to be stored on these devices—with more vigor, said Robert Siciliano, personal security and identity theft expert.

“The state of data security is in shambles,” said Siciliano, who provides consumer education solutions to Fortune 500 companies and their clients. “Anyone who watches the news knows this. And the policies surrounding employee use of company-issue laptops seem to be particularly lax.”

On Aug. 15, the Ponemon Institute LLC and Vontu Inc. released the findings of their joint survey on the state of laptop security. Of the 500 information security professionals who participated, 81 percent reported the loss of a company laptop this past year. Furthermore, 53 percent said sensitive or confidential data stored on USB memory sticks would be impossible to track.

The Ponemon-Vontu research seemed to bolster findings from an October 2005 report by CREDANT Technologies. CREDANT’s survey of 283 Global 2000 professionals found them estimating that as many as 90 percent of missing company laptops house sensitive data. The respondents, who largely agreed that laptops are most likely to be lost or stolen at work, also indicated that nearly three fourths of missing company laptops are noncompliant with California SB 1386’s encryption data requirements.

“We’re seeing trends in companies’ laptop security,” said Siciliano. “Despite the official post-theft statements from affected organizations, these laptops seem to be in transit often, and unsecured. And they also seem to hold sensitive data that should never be stored on portable computers.”

In May, the highly publicized theft of a laptop from the Veterans Affairs Department jeopardized millions of U.S. veterans’ identities. A few months later, the theft of another laptop from the same government agency put more veterans’ personal information at risk of theft. Meanwhile, in June, Hotels.com reported the loss of a company laptop containing the financial records of about 243,000 customers, and Equifax Inc., one of the three major credit reporting companies, suffered the theft of a laptop computer containing identifying information on the company’s 2,500 U.S. employees.

Siciliano suggested that companies physically lock access to their laptop computers and use GPS to track them. A product from Staples®, WordLockâ„?, allows users to employ a letter password that can be reset at any time to lock a laptop computer. And MyLaptopGPSâ„?, an offering from AIT Solutions, LLC, not only tracks any stolen laptop worldwide via the Internet, but also silently removes all important files once the machine is stolen—returning them to the rightful user while placing them out of the criminal’s reach.

“Laptops seem to be the weak link when it comes to data security,” Siciliano concluded. “Track the employees who use and transport them, and train these individuals never to store sensitive data on a laptop.”

Identity theft affects us all, which is why Robert Siciliano, president of IDTheftSecurity.com, makes it his mission to provide consumer education solutions on identity theft to Fortune 500 companies and their clients. A leader of personal safety and security seminars nationwide, Siciliano has been featured on CNN, MSNBC, Fox News, “The Suze Orman Show,” “ABC News with Sam Donaldson,” “The Montel Williams Show,” “Maury Povich,” “Sally Jesse Raphael,” and “The Howard Stern Show.”

Robert Siciliano can be reached throught www.IDTheftSecurity.com, or his blog, www.IDTheftSecurity.blogspot.com.