Laptop Theft – An Insider’s Guide To Not Becoming Another Statistic
When laptops were first available, they were treated with great care and attention. To be given a laptop by your company marked you out as someone special. Today, the laptop is commonplace. They are no longer the possession of high powered business executives or IT developers. Everyone from geeks to the occasional home user is moving away from desktop computers to the laptop.
There are many reasons for this. Price, processor power, increased battery life, footprint on the desk and the move to an increasingly mobile lifestyle, are just some of them. The laptop has now become so common that it’s “just another device” to many people. As a result, people have become careless. This is evidenced in the fact that almost every week there is another story of a lost or stolen laptop making the headlines. Often these stories only appear because the person or their job is considered “high profile”. Military chiefs, intelligence officers and even developers with personal credit card information have all been “named and shamed” yet the procession of losses goes on.
Some of the cases are down to acts of simple theft. Putting a bag containing a laptop on the ground while buying a railway ticket or leaving the laptop in the boot of a car is two of the common excuses. Having it stolen while in a pub or restaurant, leaving it on a train, plane, in a taxi are also very high up there on the agenda. It seems that the laptop has succeeded the umbrella in terms of the object of property people misplace the most.
So how bad is it? Recent figures from UK police forces show that over 34,000 laptops are reported stolen each year. This is almost 100 per day and only deals with those that are actually reported to the police.
What does it cost? That’s a question with no definitive answer. You can insure a laptop for around 7.5% of its value so a £1000 laptop would cost you just £75. Most insurers will look at the model and need a copy of any invoice. If you later add software to the laptop you will need to provide additional information to your insurer and, depending on the cost of the software pay an additional premium.
What about my data? Good question. What’s your data worth to you? When did you last back it up? Basic insurance policies as described above WILL NOT include restitution of data. These are generally part of a separate insurance policy for your business. A quick call to your insurance broker will establish what these premiums are but generally expect to pay around £100 for data restitution costs of up to £5000. This is only for restoring your data – the cost of re-keying data or recovering a corrupted hard disk. It does not compensate you for unique data that you might have lost such as software under development or notes about customers. Many insurance companies will simply point out that you should have backed that data up.
A recurring theme in the recent stories, such as the US-based MCI employee whose laptop contained the personal details of 16,500 employees, is that identity theft is the key goal of laptop thieves. This is more likely to be a secondary gain to the thief rather than a major target and no police force or insurance agent would offer any figures to cover professional targeting of laptops for this purpose.
The same can be said of the number of senior executives whose laptops get stolen. Generally, they are seen as highly attractive items as they are top of the range technology. While there is an increasing market in Intellectual Property, there are no statistics kept as to whether such information is actually traded and for what sort of money. It is more likely that such information will be stolen by hackers.
Protecting against laptop and data theft would appear to be relatively easy but, in a business sense, is rarely so. Some basic steps for employees to follow in order to protect laptops include:
1. Never leave the laptop unattended in a public place.
2. Never leave a laptop on a desktop at lunch, while in a meeting or overnight.
3. Never put a laptop in hold baggage.
4. If in a restaurant or bar, always ensure that the bag containing the laptop cannot be snatched. Put the shoulder strap under your chair leg.
5. If you need to visit the bathroom, take your bag with you unless you are with a trusted colleague who you have asked to “mind” your laptop.
6. Laptop bags might look like the ideal place to keep you laptop but they stand out a mile. Try and keep the laptop in a less obvious bag such as a briefcase.
7. When in a hotel, store the laptop in the room safe, even when just going for breakfast, dinner or to use the gym. If the room doesn’t have a safe, take it to the front desk and have the hotel store it for you.
8. Never leave the laptop or the bag containing the laptop on show in the car, even if you are in the car with it. Many a bag has been snatched through a car window while stopped in traffic.
9. If you need to leave the laptop in the car, conceal it in the boot.
10. Never leave it in the boot for long periods and never leave it overnight.
These might all seem like commonsense items but for every single entry in this list you will find people who have lost their computers by not taking precautions.
What about data? Protection of corporate data is critical today. You could argue that employees should not have sensitive information on their laptop when out of the office. While this would be nice, the reality is that the laptop is a working environment. This means that the person carrying the laptop needs that data in order to do some form of work.
So what can you do?
1. Use strong but memorable passwords. – Too many people write down passwords because the password policy is unworkable. You could dispense with conventional passwords and use Pointsec PicturePIN which consists of a series of pictures so that the user simply points out the pictures corresponding to “his” story. Not only is this system just as secure as traditional passwords, but it’s easier to remember with no chance that you’ll be tempted to write your “password” down.
2. Encrypt the data on the disk. – This will ensure that even if the disk can be accessed, the data is secure. Make sure the encryption is seamless and quick, and managed centrally, so that the user cannot circumvent it.
3. Educate users about the risks of carrying too much data and do regular audits to ensure that non essential data is deleted. – It’s too easy to just “leave” data on the computer after it is no longer needed. An audit policy design as part of a risk assessment process will reduce the impact of data loss and ensure you know exactly “what” has been lost.
4. Have a backup mechanism that makes it easy for users to take copies of data daily while traveling. – Most laptops have CD or even DVD Read/Write capabilities so supply blank media to mobile workers. This can then be used as a backup when they return to the office and kept with other backup tapes and disks.
5. Have a Laptop Protection Policy. – This is a document that outlines the responsibility of the user and how they should treat their laptop and data. It is no less important than any other corporate email or data policy and, as such, should be part of the employees contract of employment.
All of these processes can be put in place very quickly but the biggest challenge is education. Without a clear Laptop Protection Policy everything else is window dressing. Even with a policy and procedures there can be no absolute guarantee that it will reduce the number of laptops stolen each year. Indeed, as the trend of replacing desktop computers with laptops continues, there will be many more devices for the thieves to target.
What you can do, however, is make it harder for thieves to get hold of devices through the simple security steps outlined above. By encrypting data and good use of passwords, you can also ensure that the only value to the thief is from the sale of the laptop and not your data.
Don’t become a statistic!