The world's airports have become a hotspot for laptop
theft and data loss but the deployment of some simple, yet
effective security measures can prevent your organisation's
confidential data ending up in the wrong hands, writes William
Pound, VP international corporate development atAbsolute
Software.
Airports have become rich pickings for laptop and data thieves.
Approximately 22.5 million business travellers pass through London
Heathrow's terminals every year, and according to a recent survey
by the Ponemon Institute, it is the worst offender for lost and
stolen laptops with up to 900 devices going missing per week.
Stories on data loss are hitting the headlines on almost a daily
basis, and despite most of these laptops having security
precautions such as passwords and encryption in place, there is
still a lot of fear that exists as to how the data can be used and
what the consequences might be. After all, the data contained on
the laptop will be worth considerably more than the actual device
itself.
Encryption is not enough
Many organisations are under the misguided belief that
encryption is all they need to protect their data but although data
encryption solutions are powerful tools, they are a lot like prison
walls: they prevent most data breaches, but are powerless to stop a
criminal in possession of the keys to the gates. A disgruntled
employee with access to passwords can easily obtain and abuse
confidential information.
Organisations that do not have a method for preventing internal
theft, or recovering lost or stolen devices, leave themselves
vulnerable to having critical information compromised. Encryption
is also powerless to protect hardware from theft and does nothing
to help police track down or lost or stolen devices.
As a business traveller, it is all too easy to mislay a laptop
or leave it unattended when running to catch a plane, or waiting to
board, so it is important that businesses have adequate levels of
security to help protect them against loss or theft. It is equally
important that their employees understand what the company's
security policy is and how to comply with it.
It is incredibly difficult for to ensure that security policies
and processes are adhered to by every single member of staff. Many
of the recent high profile data loss incidents have been caused by
either unauthorised staff making the wrong decisions or
negligence.
The thing that I frequently come across is disjointed security
products that have been deployed to solve a particular issue -
normally after an incident. It is imperative that a holistic
approach is taken, which is future-proof. No-one knows what the
next threats will be, but we need to protect against them.
Otherwise we run the risk of closing the stable door after the
horse has bolted, or in this case, after the data has gone missing
and the business' reputation is in shreds.
Safeguarding your assets
Business travellers are often among the most vulnerable when it
comes to laptop theft and even the most security conscious
traveller who follows best advice can fall foul to an opportunist
thief at an airport. It only takes a second for a thief to strike
or for your flight to be called and you head off only realising ten
minutes later that you've left you laptop behind. Absolute Software
offers some tips on best practice security procedures while you
travel:
- Never check your laptop in as luggage - Laptops should be taken
onto a plane as hand luggage.
- Don't make it obvious you are carrying a laptop - Rather than a
tell-tale laptop bag, laptops should be carried in inconspicuous
bags, such as backpacks or tote bags.
- Avoid leaving laptops unattended - This should definitely be
avoided at the airport as it will be 'disposed' of, but even if you
turn your back for a moment the laptop could be taken by a diligent
thief and soon lost in the crowd.
- Discourage theft by publicising the use of security products
such as asset tracking software - If thieves think that they might
be caught, they will be less likely to take it in the first
place.
- Add identification to your laptop - For example, adding
barcodes or engraving details onto the device will act as a
deterrent. Thieves usually steal laptops to immediately sell them
on. Obvious identification makes it a less desirable target.
- Be extra careful through security - Be aware of thieves
swapping briefcases coming out of the x-ray machine at
security.
However, a lost of stolen laptop doesn't need to a complete
catastrophe and it is still possible to prevent sensitive data
falling into the wrong hands. But businesses need to prepare for
worst case scenario and have a robust plan in place should one of
its mobile devices go missing.
Depending on the value placed on the data on your organisations'
laptops it is essential to add an extra layer of security to
protect this sensitive data. Software is available that enables a
lost or stolen laptop to be tracked to its location and remotely
cleanse any sensitive or confidential data it contains.
The ability to delete data remotely offers organisations the
piece of mind that should a laptop be mislaid or stolen then any
sensitive data it contains can be deleted preventing it being used
for unscrupulous activity.
Ultimately, the deployment of a robust, multi-layered security
solution that incorporates encryption and addresses regulatory
compliance, data protection, computer theft and asset tracking
should be a 'must' for any organisation with a mobile
workforce.
Absolute Software is exhibiting atInfosecurity Europe
2009on 28-30 April 2009 at Earls Court,
London.
Read more articles from Infosec 2009 >>