Infosec 2009: How to beat airport data theft threat

The world's airports have become a hotspot for laptop theft and data loss but the deployment of some simple, yet effective security measures can prevent your organisation's confidential data ending up in the wrong hands…

The world's airports have become a hotspot for laptop theft and data loss but the deployment of some simple, yet effective security measures can prevent your organisation's confidential data ending up in the wrong hands, writes William Pound, VP international corporate development at Absolute Software.

Airports have become rich pickings for laptop and data thieves. Approximately 22.5 million business travellers pass through London Heathrow's terminals every year, and according to a recent survey by the Ponemon Institute, it is the worst offender for lost and stolen laptops with up to 900 devices going missing per week.

Stories on data loss are hitting the headlines on almost a daily basis, and despite most of these laptops having security precautions such as passwords and encryption in place, there is still a lot of fear that exists as to how the data can be used and what the consequences might be. After all, the data contained on the laptop will be worth considerably more than the actual device itself.

Encryption is not enough

Many organisations are under the misguided belief that encryption is all they need to protect their data but although data encryption solutions are powerful tools, they are a lot like prison walls: they prevent most data breaches, but are powerless to stop a criminal in possession of the keys to the gates. A disgruntled employee with access to passwords can easily obtain and abuse confidential information.

Organisations that do not have a method for preventing internal theft, or recovering lost or stolen devices, leave themselves vulnerable to having critical information compromised. Encryption is also powerless to protect hardware from theft and does nothing to help police track down or lost or stolen devices.

As a business traveller, it is all too easy to mislay a laptop or leave it unattended when running to catch a plane, or waiting to board, so it is important that businesses have adequate levels of security to help protect them against loss or theft. It is equally important that their employees understand what the company's security policy is and how to comply with it.

It is incredibly difficult for to ensure that security policies and processes are adhered to by every single member of staff. Many of the recent high profile data loss incidents have been caused by either unauthorised staff making the wrong decisions or negligence.

The thing that I frequently come across is disjointed security products that have been deployed to solve a particular issue - normally after an incident. It is imperative that a holistic approach is taken, which is future-proof. No-one knows what the next threats will be, but we need to protect against them. Otherwise we run the risk of closing the stable door after the horse has bolted, or in this case, after the data has gone missing and the business' reputation is in shreds.

Safeguarding your assets

Business travellers are often among the most vulnerable when it comes to laptop theft and even the most security conscious traveller who follows best advice can fall foul to an opportunist thief at an airport. It only takes a second for a thief to strike or for your flight to be called and you head off only realising ten minutes later that you've left you laptop behind. Absolute Software offers some tips on best practice security procedures while you travel:

  • Never check your laptop in as luggage - Laptops should be taken onto a plane as hand luggage.
  • Don't make it obvious you are carrying a laptop - Rather than a tell-tale laptop bag, laptops should be carried in inconspicuous bags, such as backpacks or tote bags.
  • Avoid leaving laptops unattended - This should definitely be avoided at the airport as it will be 'disposed' of, but even if you turn your back for a moment the laptop could be taken by a diligent thief and soon lost in the crowd.
  • Discourage theft by publicising the use of security products such as asset tracking software - If thieves think that they might be caught, they will be less likely to take it in the first place.
  • Add identification to your laptop - For example, adding barcodes or engraving details onto the device will act as a deterrent. Thieves usually steal laptops to immediately sell them on. Obvious identification makes it a less desirable target.
  • Be extra careful through security - Be aware of thieves swapping briefcases coming out of the x-ray machine at security.

However, a lost of stolen laptop doesn't need to a complete catastrophe and it is still possible to prevent sensitive data falling into the wrong hands. But businesses need to prepare for worst case scenario and have a robust plan in place should one of its mobile devices go missing.

Depending on the value placed on the data on your organisations' laptops it is essential to add an extra layer of security to protect this sensitive data. Software is available that enables a lost or stolen laptop to be tracked to its location and remotely cleanse any sensitive or confidential data it contains.

The ability to delete data remotely offers organisations the piece of mind that should a laptop be mislaid or stolen then any sensitive data it contains can be deleted preventing it being used for unscrupulous activity.

Ultimately, the deployment of a robust, multi-layered security solution that incorporates encryption and addresses regulatory compliance, data protection, computer theft and asset tracking should be a 'must' for any organisation with a mobile workforce.

Absolute Software is exhibiting at Infosecurity Europe 2009 on 28-30 April 2009 at Earls Court, London.

Read more articles from Infosec 2009 >>

Read more on Privacy and data protection