Two years ago, long before I joined the staff of SecurityInfoWatch.com, I was working in a small publishing firm in a northern suburb of Atlanta. We were on the ground floor in a small office building that was shared with a number of other companies. This building was a lot like a lot of the office buildings built in the early 1990s in Atlanta. It had floor-to-ceiling double-paned glass windows, lots of landscaping, a simple prox card access control system that only controlled one of the doors into the building, and of course, it backed up to a small hill covered with trees.
On one springtime Saturday night, thieves struck our offices. The evidence suggested that the thieves parked some sort of van, truck or SUV nearest the side that backed up to the woods, then used blunt object to smash out the glass of the CEO's office, and entered the office. Being a weekend after a heavy sales period, all of our computers and laptops were at the office. The sales staff was having a short break and all but one of them had left their laptops on their desk...without cables or locks. Our graphics machines for designing our magazines were on their desks and all of our other staff members' machines were on their desks too. The thieves had a heyday. The grabbed all the available laptops, then cut cables and made off with our graphics machines, gained access to our other associates' offices and left with their machines, leaving only the offices two oldest computers, the one the CEO used and an old iMac that I had been using. And while they snubbed my machine for not being a computing powerhouse, they did manage to look in my unlocked cabinet and grab a professional camera rig that I often used at the office for photo shoots.
We found the wreckage on Sunday, and slowly pieced our work back together, made all the more difficult because of the fact that we had not backed up the laptops, and the graphics machines' back-up hadn't been run in a week.
I wish I could say that was the end of it. We did what most companies would do and had an alarm system installed. It was pretty basic. It used a door sensor (we had one door in and out) and motion sensors with your basic keypad. The idea was that if they came in the door, we'd know, and if they smashed the glass, we'd know because the motion sensors scanned the perimeter hallway of the office.
We had just completed all of our technology buys and it was probably fairly obvious to anyone who was casing the office that we were back up to speed. The insurance payout loaded us up with the latest machines. The alarm system, unfortunately, was still in its testing mode and wasn't set up for monitoring yet.
It was, therefore, a great time for the thieves to return. And return they did. It was almost the same operation, they smashed a window (this time it was in an office whose windows were a little further back into the woods), the alarm went off but nothing dialed out, and so they had plenty of time to go through and hand-pick the five or so top computers in the office. There was even another attempted break-in, but this time the alarm worked and the would-be thieves were scared away before they could steal anything. After that instance, we ended up adding a smash-resistant, blast-resistant covering for the windows as an extra precaution.
My coworkers and I felt very violated by the fact that someone could break in three times, and it took us an awful amount of work hours to recreate what was lost to the thieves. Sales contacts, articles for the magazines, graphic layouts, business plans, etc., it was all gone on the Toshibas and Macintosh computers that walked their way out of our lives.
So when I saw the news announcement that Absolute Software was installing firmware on some new IBM laptop computers to track stolen computers, it hit home.