Laptop Thefts Down at the FBI

It’s not often you get to see security incident data from other organisations, so I was interested to read a report published this month about laptop losses and theft at the FBI. This type of data is hard to come by because few organisations (other than Royal Mail Group) maintain reliable, historical data on such security incidents. And even fewer publish such information. It’s good to see that the FBI has successfully reduced laptop losses by around two-thirds, from around a dozen a month to less than four a month. The figures seem consistent with other data I’ve seen. In Royal Mail Group the problem was initially bigger, though the reduction was greater. Such savings represent hundreds of thousands of dollars a year in incident and replacement costs, not to mention the value in reputation protection and safeguarding of valuable intellectual property. And it’s not difficult to reduce the losses. It just requires a small amount of research and analysis, followed by a few simple, targeted, educational interventions. It’s certainly one of the easiest and cheapest security investments for any organisation. So let’s all copy this example.

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Hi David, In reply to your post about "Laptop Thefts Down at the FBI", you rightly note that losses/thefts are down, but then your article goes on to compare the FBI stats to those of the Royal Mail. "Apples to Oranges" comparison distort the true picture, but there is no way you could have (or even should have) known. FBI or contractor laptops are usually encrypted, incapable of adccessing the Internet, CD/DVD drive and USB ports blocked, and in many cases mere word processors, due to possible sensitivity of investigations. I suspect laptops at the Royal Mail did not have such functions deactivated and thus posed a greater hazard if lost or stolen. Regardless, even the loss of one laptop could spell disaster for a business, large or small. Encryption and 'additional factor' authentication(s) must be considered by all businesses for it is not a matter of "if", but "when" will that lost laptop contain information none of us would want in the public domain. In this case, an ounce of prevention is worth far more than a pound of cure. Ed Edward P Gibson Chief Security Advisor Microsoft Ltd UK