Mara Gulens
April 19

Make sure it's just gibberish to laptop thieves
The Globe and Mail

"Don't leave your computer in the car - not for five minutes," Allan Waxman warns. The president of Toronto-based Waxman Recycling Industries speaks from experience. On a business trip, he had put his laptop on the backseat of his car while he went for breakfast. When he returned, the rear window was smashed. "I felt like I was violated," says Waxman.

Fortunately, there was no top-secret information on Waxman's machine, and about 80 per cent of his company's extensive and hard-to-replace antique soda bottle and fruit crate database was backed up. This was not the case with the well-publicized incident of a Fidelity Investments notebook computer that was stolen earlier this spring.

That device contained confidential information on more than 196,000 past and present Hewlett-Packard Co. employees, and the company had to scramble to advise all of them of the potential implications. Fidelity's experience is becoming more common as companies and their staffs adopt notebooks and other mobile devices.

"People understand the risk of corporate data falling into the wrong hands, but I think a lot of times it's one of these 'it won't happen to us' scenarios," says Mark Tauschek, a senior analyst with Info-Tech Research Group in London, Ont.

Even if executives don't have confidential data on their device, they do have information like contact lists and saved passwords. The next thing you know, someone is using the purloined information to access the corporate network and resources, Tauschek says.

The chances of a laptop being stolen are 1 in 10, according to the Gartner Group, an Information Technology research and advisory company. The FBI estimates 97 per cent of stolen laptops are never recovered. Add to that the countless cellphones, BlackBerries and personal digital assistants (PDAs) left in the back seats of taxicabs and at airport security checkpoints, and you know there's a wealth of missing hardware - but more importantly, data - circulating in the wrong hands.

"Technology may help the world go 'round, but it's very stealable," says Constable Earl Fletcher of Halton Regional Police Services in Ontario. "Not only do you get the value of the property, but you get what's in it."

So, it's no surprise that issues of data security are rising as the world becomes increasingly mobile.

"Every night, something like 80 or 90 per cent of a company's [current] documents leave the building," says Dan Reio, product manager and mobility expert for Hewlett-Packard Canada. "That's a pretty scary scenario."

Protect your assets

Theft of mobile devices can be a crime of opportunity, such as the one experienced by Waxman. Or, it can be a corporate theft from the workplace, where in 80 per cent of cases it's an inside job according to computer theft company Absolute Software Corp.

If a mobile device is stolen, you can make sure things such as network passwords that may have been compromised are cancelled immediately. But there's not much you can do about recovering the hardware or preventing a possibly disastrous information leak unless you've done some advance planning.

Two items are essential for protecting mobile computers, says Tauschek. First, lock your device down with something more than standard Windows domain authentication. Use a smart card or ID token - or, as the technology becomes more reliable and mainstream, biometrics such as a fingerprint reader.

The second important consideration for mobile devices is data encryption. "If you can't decrypt the device, then the hard drive becomes a paperweight," says Tauschek. Instead of thousands of dollars spent notifying customers and repairing a public-relations disaster, all that is lost is a $2,000 laptop. "Obviously you need personal firewalls, anti-virus software, security updates and patches. But when the device is lost and out of your hands, you have to make sure that nobody can get into the device - and that if they could, it would all be gibberish, because it would all be encrypted," he says.

Security features are now more frequently built into laptops and PDAs. Some Lenovo ThinkPad notebooks have a fingerprint scanner, for example. HP's new drive-lock password goes one step further than log-in passwords by synchronizing with the BIOS (the program that runs before you get into your operating system) so that even if the hard drive is moved to another notebook, the drive's data remains inaccessible. "The more barriers you put up, the better protected your data and your assets are," HP's Reio says.

There are also tools to try and recover stolen equipment. HP's newest line of notebooks comes with a pre-installed security agent that can be turned on by purchasing Absolute Software's LoJack for Laptops (the corporate version is CompuTrace). This asset-tracking mechanism is installed in the computer's BIOS and if the notebook is lost or stolen, Absolute collects the IP address of the Internet connection and works with local law enforcement to recover the missing machine.

The software's corporate version also has the option to delete sensitive information remotely; the current version of the consumer software does not do this because in most cases consumers don't have backup, says Ben Haidri, vice-president of marketing and business development for Absolute Software. The next version of LoJack for Laptops, however, will include this option.

In case Absolute can't locate a missing device, it offers $1,000 to corporate customers, and a money-back guarantee to consumers.

St. Andrew's College in Aurora, Ont., recently installed CompuTrace on all 600 student and teacher laptops. The college has already recovered one stolen laptop, and wiped the hard drive of another remotely after it was swiped. However, in many cases laptops that are ripped off are refurbished and sold cheap to university students, no questions asked, Constable Fletcher says.

"I'll guarantee you that a lot of people have laptops and don't know what their serial number is," he says, suggesting that laptop owners engrave an ID on the computer so it can be identified if stolen, and keep a record of the computer's serial number so it can be put on the Canadian Police Information Computer System should it go missing.

If you've taken all preventative measures and your device is lost or stolen, then the crisis will be about hardware, not data. If your device ends up being one of the small percentage found, then consider yourself two times lucky.

Preventative measures

1. Out of sight, out of mind. If you do have to leave your laptop in the car, secure it in the trunk. If your office is on the main floor, keep the blinds closed to discourage window-shopping thieves.

2. Multiple authentication layers. Two-factor authentication, such as a password and a USB security token or fingerprint scan, helps render your device inaccessible.

3. Encrypt data. If your notebook falls into the wrong hands, an encrypted file is all gibberish without the proper "key" to decrypt it.

4. Make it identifiable. Engrave your personal information on the computer or handheld device, and keep track of the machine's serial number.

5. Take failsafe action. Install a tracing program so the machine can be tracked down if thieves use it to go online.

Parksville, B.C.: Home to Canada's Best Beach

Before slipping into bed on our second night at Parksv...

Social Media is the Message: Web 2.0 has changed the way the public talks about health
UToronto Medicine

Prof. Jennifer Keelan has had it with print. She’s also had it with TV and the phone. That’s beca...

Magic in the Kitchen: Induction Cooktops

There's magic in the kitchen, and it's all centred around induction cooking, that remarkable new technology that m...

Single or Bilingual?: Second language learning
My Sweet Baby

In our bilingual, multicultural country, speaking two languages often seems the norm. But for many parents, passin...

5 Reasons to Skip Tofino & Head for Ucluelet on Vancouver Island

The buzz is all about Tofino’s endless, sandy beaches. But after our four-hour drive through the lush mounta...

© Mara Gulens, 2007 - 2021