Complain about a product or service

Locking Down Your Laptop

A Little Prevention Goes a Long Way

By Martin H. Bosworth
ConsumerAffairs.com

December 15, 2006

Data Theft • Bank Data Breach Affects 12.5 Million Consumers • Data Breaches Exceed 2007 Record • Thieves Steal AT&T Laptop with Employee Data • Report: Data Breach Disclosure Laws Don't Affect Identity Theft • Patient Information Exposed in Data Breach at Walter Reed • Supermarket Chain Reports Data Breach • Report: Feds Still Not Doing Enough To Secure Data • Data Thieves Hit Georgetown University Students, Faculty • 800,000 Job Seekers At Risk In Gap Data Breach • TJX Data Breach Settlement Has Strings Attached • More ...

By now everyone's familiar with the epidemic of laptop theft. A computer disappears or is stolen, usually containing sensitive personal data on thousands of people, with little or no security or protection.

The company in question makes some tepid assurance that your information is in no danger, and offers to pay for some free credit monitoring that doesn't really work.

Lather, rinse, repeat.

What can employees and companies really do to protect their equipment and data from being misused?

Several companies have stepped into the data breach combat zone, offering solutions for securely encrypting laptops and tracking them in case of theft, just as new cars use Global Positioning Systems (GPS) to remain on "the grid" at all times.

John Livingston, CEO of Absolute Software, said that "a data breach is a defining moment for an organization ... Without a proactive approach to mitigating the damage caused by the breach, an organization's exposure can be immense."

Absolute Security

Livingston's company markets Computrace, a "data deletion software" tool that, once installed on a laptop, can silently communicate with data administrators at Absolute without the laptop user's knowledge.

If a laptop is reported missing, the next time it connects to the Internet, Computrace can flag the laptop and remotely erase all the data from the machine. The process is described more fully in the company's brochure (pdf file).

Computrace requires multi-factor authentication to ensure that only authorized administrators can erase data from the targeted laptop, and that the removal process meets government standards for data retention and removal.

The company also offers its own theft tracking system, appropriately called "LoJack for Laptops."

Computrace clients report the theft, and as soon as the computer is connected to the Internet, the company can track it down. While this doesn't do much to help with missing laptops that remain unconnected, it's at least a start.

Not to be outdone, companies such as CyberAngel and Trackion are utilizing Absolute's technology to put their own spin on the data deletion and protection market.

Tennessee-based CyberAngel sets up an encrypted "virtual drive" on the laptop, with secure algorithms and protections that prevent data stored within from being accessed after a theft.

The "virtual drive" approach is shared by Rocket Software's "Security Vault," which boasts of setting up undetectable "digital lockboxes" on users' machines.

"Unauthorized users are not only denied access to your lockbox content but also have no means of determining the very presence of your confidential files and folders on your system," the company says.

The best way to ensure data on a stolen or missing laptop doesn't get misused is to encrypt everything on the hard drive.

Industry leader PGP Corporation emphasizes the need for "whole disk encryption," where the "entire contents" of a laptop, USB drive, or other device are encrypted.

PGP, or "Pretty Good Protection," was originally developed for protecting e-mail from unwanted viewers, but has been extended to cover a number of encryption programs.

Proper Protection Policies

But having said all that, the sad truth is that no technological solution will work without the support of company-wide policies that promote the proper protection of data.

Too many employees fall into the trap of taking their work home with them without setting up safeguards on their machines, and too many companies, institutions and government agencies take a laissez-faire attitude towards data security.

Joseph Ansanelli, CEO of security firm Vontu, recommends developing "comprehensive security plans" that involve prioritizing laptops that regularly carry sensitive data for encryption first, as well as increasing employee training and awareness of data protection requirements, and "data loss responses" put into play when data breaches are reported.

"When a laptop is lost or stolen, its resale value no longer depends on value of the hardware. It is all about the data," Ansanelli said.

The granddaddy of all laptop thefts still belongs to the Veterans' Administration, and the endangerment of 26.5 million personal records when a laptop was stolen from the home of a VA analyst in Maryland.

The laptop was later recovered, and FBI analysts claimed it had not been tampered with, but the risk of identity theft and fraud is still a very real one for the affected veterans.

The experience caused a dramatic shift in security policies at the VA, and the agency claims to be pushing towards "the gold standard in IT security" as a result.

The VA's chief information officer, Bob Howard, told Federal Computer Week that the agency is "encrypting everything in sight" as a result of the breach. "It was a wake-up call for us and a wake-up call for all of government," Howard said.

Report Your Experience
If you've had a bad experience -- or a good one -- with a consumer product or service, we'd like to hear about it. All complaints are reviewed by class action attorneys and are considered for publication on our site. Knowledge is power! Help spread the word. File your consumer report now.