|
Laptops are lovely. They are convenient, mobile, powerful and prestigious. They are also thief magnets. Over 400,000 laptops disappear each year,
leaving their owners wondering where they went, what is happening with their
data and what to do next.
Some of the laptops are just lost – left in cabs, at hotels, restaurants and
at conferences and events. Many of these laptops (but not all) find their way
back to their lucky owners.
Some are stolen by people – many of them co-workers, service staff or people
taking advantage of a “moment of opportunity” – who just want to have a laptop.
Some are stolen by professional “Laptop Lifters” who may work in teams to
steal the laptops for resale.
And others are stolen, not for the laptop itself, which may be a bonus, but for
the data on the laptop’s hard drive – financial or identity data or business
plans or data.
For example:
- QualComm’s CEO had his laptop stolen while he was conducting a Press
Conference. Reportedly, some of QualComm’s most valuable secrets were on
that laptop, unencrypted and only protected by an easily bypassed password.
- A Department of State laptop containing high level information on
nuclear proliferation was stolen right from State’s headquarters. Two
administrators were fired and other personnel were reprimanded.
Think about it – What other piece of equipment or personal possession do we
routinely carry around that is worth over a thousand dollars, by itself, and may
be worth thousands more in data? Why wouldn’t that be attractive to thieves?
A large part of the problem is less on the hardware or software end of
things, it’s in the HUMAN side of things. By raising our awareness many of the
vulnerabilities can be greatly lessened.
There are 3 areas of vulnerability:
- Securing the actual laptop
- Securing the Data
- Getting the laptop back.
{mospagebreak}
Securing the actual laptop
There are many ways to control the physical security of a laptop.
There are cable locks that can be attached to an immovable object to make it
more difficult to just pick up the laptop and walk away. Although these cables
can be cut with a bolt cutter, some of them are combined with an alarm that will
sound if the cable is cut.
Alarms or motion detectors are also available without the cable locks. They
can be set to activate whenever the laptop is moved or when the laptop is moved
a certain distance away from a pocket receiver that the owner has, which also
alerts the owner.
Use a laptop carrying bag that does not look like a laptop case. Having a
laptop case that says IBM or Sony is advertising that you are carrying a highly
valuable commodity. Consider using a backpack with your laptop in it in a padded
sleeve. One of the prime places for laptop theft is the men’s bathroom in
airports and convention centers. Another prime place that laptops are stolen is
at pay phones in a busy area.
Just as there are pickpocket teams, one of whom distracts you by
“accidentally” bumping into you while the other steals your wallet, there are
“Laptop Lifters” one of whom will accidentally spill something on you while the
other walks off with your laptop. A good rule to follow is: any time there is a
diversion near you, put your hand on your laptop.
People usually feel comfortable at conferences and conventions. After all,
you are usually surrounded by your peers, and there are often convention staff
around to provide security. Often the theft will take place on the second or
third day, when IDs for entry are not being checked as stringently, and many of
the attendees are NOT wearing their badges. Many times people will leave laptops
unguarded on or under conference tables during breaks.
Even if it is not your laptop that is stolen, your PCMIA cards – modem or
wireless connectors – can be stolen in an instant. Not only is this a loss of
value, it’s also a real inconvenience.
It’s a good idea to engrave your company information prominently on the
outside of the laptop and on its carrying case. It makes it less attractive to
the thief, because it makes it easy to identify and makes it harder to sell.
Having a large or conspicuously colored luggage tag securely affixed makes it
less attractive because thieves like to be “invisible.”
You also should be sure to send in that little registration card that came
with your laptop. Sometimes a stolen laptop will be sent back to the
manufacturer for repair by the person who had innocently bought it from the
thief. You may get your laptop back this way.
Don’t leave your laptop in your car. If it is visible, you may lose your
laptop AND have to pay for the damage to your car. Rental cars are often the
special target of thieves, especially at popular restaurants or shopping malls.
Plus, the extremes of temperature (both hot AND cold), can either fry your
laptop or freeze the LCD screen.
{mospagebreak}
Data Security
Losing your laptop may mean you’ll have to shell out $1,000 - $3,000 for a
new one. Losing your data can be MUCH more serious. Many people ONLY have a
laptop, so ALL of their data is on it. Plus, most people don’t back up their
data as often as they should.
Replacing the data can be a pain. But losing your PERSONAL data, including
perhaps your Social Security number, PIN numbers, credit card info, etc can be a
form of personal hell. Here are the steps you should take:
Set a BIOS password. BIOS is the first program to load when you turn on your
computer. Your laptop will not boot at all until that password is entered.
Although there are ways to bypass this, (there’s all kinds of info on the ‘Net),
it’s the first in several layers of security you can institute. Use the NTFS file system (assuming you are using XP). NTFS
has strong encryption capabilities not available in FAT or FAT32.
Prevent data loss through your Infrared port. Do you actually use your
infrared port? Do you even know if you have one? If you do have one, your
computer can be hacked into all the way across the room! A simple way to disable
it is to put a piece of black electrical tape across it. (It’s a little dark
window, generally on the back of your laptop). Alternatively you can disable the
infrared port completely. Because each laptop manufacturer has different steps,
search on Google or Yahoo for “Disable Infrared Port” and add your laptop
manufacturer’s name to the search terms.
Back up your data before you leave your office. That way, if your laptop is
lost or stolen, you have not lost your files. Consider keeping sensitive files off your laptop hard drive. A DVD can hold
multiple gigabytes of data and can be carried in your pocket. A USB storage
device is also quite handy.
If you are running XP Pro, your can encrypt your data using EFS (Encrypting
File System), so it will be totally unreadable without the decryption key. If
you don’t have the Pro version, you can purchase third party encryption
software.
Getting your laptop back.
So the worst has happened and your laptop has disappeared. Hopefully, you
have your name and phone number on it somewhere, so it can be returned to you if
it was just left in a cab. If you’ve taken the right steps before it disappeared, there’s a fair chance
you will get it back. Here’s what you can do to increase the chance of getting it back:
There are software solutions that allow you to trace your laptop if it ever
connects to the Internet. For instance,
www.computrace.com
will give you the IP
address wherever your laptop logs on. The cost is under $50. Getting the police
to go and recover your laptop is another story, however.
According to some reports, when the police cooperate, recovery is up to 90%!
All in all, the most effective preventative is user awareness. Reportedly,
Arthur Andersen CPA firm not only has classes and posters on laptop (and other)
security, but they also have roving security personnel who take unattended
laptops, cell phones, purses and PDAs off of desks and other unsecure locations,
leaving a note behind telling the hapless “victim” where to get their property
back. Quite an education, and probably pretty effective in raising awareness!
Steve Freedman is the author of Help!
Something's got hold
of my computer ...and it won't let go! |
