Once upon a time in the corporate kingdom, laptop computers were chunky, clunky, heavy and improbably portable. With limited memory and hard disk capacity, they were considered innovative devices that were expensive, limited in capabilities, and highly unpopular.
Now laptops are relatively small, lightweight, and have tremendous disk capacity and memory, and it seems that every corporation provides them to some employees. But while portability is the greatest attribute of the laptop, it is also its greatest weakness. With the increase in portability and capacity of the laptop has come an increase in loss and theft of both the computers and their data.
Gartner claimed in 2002 that the chances of a laptop being stolen were one in 10. The Privacy Rights Clearing House reported last month that 40% of reported private-sector data breach events in 2006 were due to laptop theft. The smaller laptops get, the easier they are to slip into a handbag, briefcase or shopping bag unnoticed. They are also easy to leave behind.
In addition to thieves, companies face human nature. Roy Stephan, director of cyber security for IT solutions provider Intelligent Decisions, warns corporations to remember that employees' negligence can be as big an issue as theft. “Even if devices aren't stolen, people lose stuff,” he said. “The smaller and more portable devices become the greater the chances of them getting left behind and lost.”
The Cost of Loss
To the corporate entity, laptop theft and loss become fiscal problems. FBI statistics show that 97% of stolen or lost laptops are never recovered. That means one loss probably amounts to between $400 and $1500 down the drain, just in cost of the physical device. But corporations need to worry about more than the laptop itself. They need to address the security of the data on the device.
Gary Bradt is an IT professional and a military veteran whose personal information was on a laptop stolen last year from the U.S. Department of Veterans Affairs . As vice president of the biometric division at Silex Technology, Bradt was acutely aware of the significance of such a loss. According to him, a biometric solution such as a fingerprint reader could have secured the data on the laptop. However, the government had not invested in that type of solution.
“Cost is always a big factor in making security decisions,” said Bradt. “Too often companies and agencies try to cut corners and economize by not spending the money necessary to secure their laptops. They frequently wind up suffering losses that are much more expensive than the security measures would have been due to the value and significance of the data being compromised or lost when their laptop disappears.”
Eric Hay, director of worldwide engineering for Credant Technologies, said, “Security has always been a nice thing, but not an essential requirement. Once the VA's stolen laptop became headline news item, the federal government reevaluated its situation and decided that appropriate security is a necessity.”
Corporations should learn from the government and implement protections before their information can be compromised. So how can corporations and their modern road warriors protect their laptops and vital company data from clever, sticky-fingered, fleet-footed thieves?
Educate and Equip Employees
One crucial step in protecting mobile data is educating laptop users on how to care for their portable machines. Companies should request or require, to the extent possible, that users take appropriate care to physically protect their laptops when out of the office. Recommended measures could include the following: