Monday, October 30, 2006
The state of data security is in shambles. Anyone who watches the news knows this.
And the policies surrounding employee use of company-issue laptops seem to be particularly lax. In fact, laptops seem to be the weak link when it comes to data security. Research continues to find that the frequency of laptop theft in the workplace is high. Companies need to guard laptops—and the information allowed to be stored on these devices—with more vigor.
Earlier this year, the Ponemon Institute LLC and Vontu Inc. released the findings of a joint survey on the state of laptop security. Of the 500 information security professionals who participated, 81 percent reported the loss of a company laptop this past year. Furthermore, 53 percent said sensitive or confidential data stored on USB memory sticks would be impossible to track. The Ponemon–Vontu research seemed to bolster findings from an October 2005 report by CREDANT Technologies. CREDANT’s survey of 283 Global 2000 professionals found them estimating that as many as 90 percent of missing company laptops house sensitive data. The respondents, who largely agreed that laptops are most likely to be lost or stolen at work, also indicated that nearly three fourths of missing company laptops are noncompliant with California SB 1386’s encryption data requirements.
We’re seeing trends in companies’ laptop security. Despite the official post-theft statements from affected organizations, these laptops seem to be in transit often, and unsecured. And they also seem to hold sensitive data that should never be stored on portable computers.
In May, the highly publicized theft of a laptop from the Veterans Affairs Department jeopardized millions of U.S. veterans’ identities. A few months later, the theft of another laptop from the same government agency put more veterans’ personal information at risk of theft. Meanwhile, in June, Hotels.com reported the loss of a company laptop containing the financial records of about 243,000 customers, and Equifax Inc., one of the three major credit reporting companies, suffered the theft of a laptop computer containing identifying information on the company’s 2,500 U.S. employees. More high-profile thefts and losses have occurred since.
Companies should physically lock access to their laptop computers and use GPS to track them. A product from Staples®, WordLock™, allows users to employ a letter password that can be reset at any time to lock a laptop computer. And MyLaptopGPS™, an offering from AIT Solutions, LLC, not only tracks any stolen laptop worldwide via the Internet, but also silently removes all important files once the machine is stolen—returning them to the rightful user while placing them out of the criminal’s reach.