Prevention and cure against laptop theft

Prevent your company becoming the next headline by adopting a multi-layered approach to security

Another Government laptop goes missing containing highly sensitive data thus making headline news. In the last few months alone, a Government laptop containing encrypted, sensitive information was stolen from a hotel and a well-known politician also became the victim of laptop theft from her own office. These latest thefts take the Government figure for stolen laptops to 659 over the last four years. And, this figure only represents the known missing laptops; imagine all of the others that are unaccounted for.

This security threat is a very real risk for businesses as well. How many high profile organisations lose laptops containing sensitive data on corporate strategy, email exchanges and client lists in spreadsheets that we are not aware of? How many laptops does your organisation have and how many of those are lost, missing, or otherwise unaccounted for?

Mobile devices such as laptops are easily mislaid on a train or in a taxi, at airport security, or left in a public place for a few moments only for it to be stolen. With the trend for remote working on the rise, the number of mislaid and stolen laptops will increase. Remote working is in part responsible for the vulnerability of mobile devices and a certain amount of theft or loss is inevitable. However, those laptops contain more data than ever and organisations need to take steps to increase the level of security on their mobile devices.

“In today’s mobile workplace, it is easy to lose a laptop,” said William Pound, VP of International Operations, Absolute Software, the leader in computer theft recovery services, data protection and secure asset tracking™ solutions. “They are easy and lucrative targets for thieves – just the value of the operating system and applications are attractive. As such, users need to take greater care when they’re on the move so that confidential information doesn’t end up in the wrong hands.”

It is the data contained on a laptop that is of value rather than the actual device itself. For example, according to a Data Loss Survey by McAfee and Datamonitor, the average laptop holds content valued at £550,000, and some could store as much as £5 million in commercially sensitive data and intellectual property.

Public sector organisations and businesses need to review their security provisions. They are equally at risk from data loss through employee negligence or theft. It will come as no surprise to learn that the majority of security breaches, including thefts of laptops involve insiders – those who often have the necessary access, passwords and ‘keys’ to bypass traditional theft prevention measures.

“All organisations need to adopt a layered approach to security, both in terms of processes and technology, commented Pound. “Depending on the value an organisation places on its data, it is also worth considering having protective measures in place so that if a theft does occur, the laptop can be recovered and the sensitive data it contains removed.”

The first step in protection is to determine which files or systems need protecting. Secondly, reasonable and enforceable protection policies and guidelines must be put in place and adhered to. The most essential components of this should include:

• Identification of highly confidential information that should not leave the premises and if it must, be properly protected by technology, not people
• A company policy on software or hardware products that cannot be used on company equipment
• Educating employees on company policies and security measures
• Enforcing the policy by highlighting common sense and taking advantage of readily available technology that can help prevent laptop theft.

No single security measure will provide adequate protection for sensitive company information and expensive hardware. It is therefore vital that companies in both the public and private sector provide a robust, multi-layered security solution that addresses regulatory compliance, computer theft recovery and data deletion capabilities.

As experts in preventing data loss, Absolute Software recommends ten best practice measures that all organisations need to work to in order to ensure multi-layered security protection:

1. Understand the risks. As organisations open up their networks to their mobile work force, to partners, customers and others, they expose themselves to greater security risks than they encountered when traffic was mostly internal.
2. Be proactive. If you cannot identify the weaknesses in your network’s security, someone or something will identify those vulnerabilities for you. Educate yourself on the tools and techniques used today by cyber criminals as well as other security risks. Data security is a moving target that requires ongoing attention.
3. Use cable locks on laptops as visual deterrents . They are a visual deterrent and an extra physical barrier to get by. They could put off the opportunistic thief.
4. Avoid leaving unsecured mobile devices unattended . Lock them in cupboards, or other secure facilities when not in use. If they must be left in a vehicle, they should be hidden in the boot.
5. Keep laptops inconspicuous . Carrying a laptop bag makes it an obvious target. Use less obvious tote bags or rucksacks.
6. Install anti-virus software and firewalls. Prevent unauthorised access and protect valuable information with data encryption software. Keep all software products up-to-date with the latest versions or patches to help minimise security holes. Ensure web servers, operating systems and line of business applications are fully patched.
7. Frequent back-up of valuable data. Data back-up needs to happen frequently so that the information can be restored, ensuring ‘business as usual’ in the event of a loss.
8. Create a contingency plan. Identify possible damage should a security breach occur. Also consider how customers, partners or employees would be served in the event of catastrophe. Contingency plans for security should be integrated with the organisation’s overall disaster recovery plans.
9. Use asset tracking and recovery software . Install an asset tracking and recovery tool to track and recover computers that are lost or stolen, and monitor any changes or disappearances in computer memory, hard drives or peripherals.
10. Invest in advanced data protection. Data protection software is available which not only allows organisations to track fixed, remote and mobile computer assets, but it also allows for sensitive data to be deleted remotely in the event a computer is lost, stolen or nearing the end of its lifecycle.