Response Speed Is Key with Stolen Laptops

By Matt Hines  |  Posted 2006-07-30

Response Speed Is Key with Stolen Laptops

Its the call that no IT manager wants to receive, but one thats clearly ringing bells across the world of enterprise security: An employees laptop computer has been stolen, and it may contain sensitive data.

As a spate of recent incidents make clear, laptop computer thefts and the related data exposure are a serious issue, with organizations ranging from the U.S. Navy to financial services giant Fidelity Investments reporting incidents in the last six months alone.

Experts say the manner in which companies respond to such incidents, and the strategies they employ to improve their device security, will determine the impact that stolen laptops will have in putting affected companies information at risk.

In Boston-based Fidelitys case, a laptop containing the information of 200,000 employees at customer Hewlett-Packard was taken from an employees car outside a California restaurant in March.

Company representatives said the firm has already escalated its work to improve equipment and data-handling policies in the aftermath of the public relations disaster.

"Its an ongoing process for everyone; weve accelerated the process of encrypting data on laptops and expanded information security training for all our employees," said Anne Crowley, a Fidelity spokesperson.

"We already had strict measures in place and its not our practice to have that level of data on a laptop, but it had been allowed for the purpose of a particular business meeting."

Some would say that Fidelitys efforts might seem like "too little, too late," at least in the case of the affected HP workers, but experts warn that many companies may not be as well protected from the threat of stolen devices as they may initially think.

Just as in Fidelitys case, where security policies were circumvented for the purpose of facilitating a specific meeting, companies are often their own worst enemies in terms of allowing workers to ignore existing security guidelines in the name of getting business done.

Based on that reality, said Peter Firstbrook, an analyst with Gartner, in Stamford, Conn., enterprises must be ready to deal with the work that needs to be done to respond to and minimize dangerous information leakage from laptop thefts.

"If a company makes a mistake, they need to admit it right away and let people know, so they can try to solve any related problems; trying to wait it out has proven to only make matters worse," said Firstbrook.

Click here to find out how not to get fired for losing your laptop.

"In this type of scenario businesses need to ask themselves if they treat their customer records the same way they treat money, and if they respond the same way to losing 100,000 files as they would to losing $100,000."

One of the best things a company can do to respond to a laptop theft is to get in touch with the appropriate law enforcement officials as quickly as possible, the analyst said.

In addition to the added support in finding the missing device, bringing law enforcement into the picture transfers some of the burden of recovering the machine from the affected company over to police, Firstbrook said.

Other experts agree that calling the cops is one of the first things IT managers should do after a laptop theft, regardless of fears that word of a potential data loss could become public as a result of filing such claims.

Next Page: Law enforcement is getting more responsive.

Law Enforcement Is Getting

More Responsive">

While the process of finding the right law enforcement official to respond to a theft may take some legwork, most police departments and federal agencies are responding more aggressively to the reports, according to Ben Haidri, vice president of business development for Absolute Software, which markets the LoJack brand of laptop tracking tools.

For its part, Absolute Software, based in Vancouver, British Columbia, operates a "recovery team" of former law enforcement workers whose specific job is facilitating interactions with local police departments in the name of tracking down stolen devices.

However, even the smallest company should have better luck trying to work with law enforcement on IT-related issues today than they would have several years ago, he said.

"Law enforcement officials have improved and are now more proactive on computer crimes," Haidri said. "Theyre realizing that computer criminals are becoming more sophisticated, and that these crimes are often related to more traditional criminal activities. This is motivating a faster response in many cases."

One of the most important issues in dealing with any law enforcement agency is having all the pertinent information about a stolen machine on hand, such as the serial numbers of any stolen PCs.

The idea may sound simple, but a surprising number of companies find police departments unable to help them when such basic data isnt readily available, Haidri said.

Another vital piece of work after a laptop theft is figuring out just what type of data was on the device and how likely it is to be accessed, said Joseph Ansanelli, chief executive of Vontu, which markets data recovery software.

Getting a clear picture of the exact information a missing device contained will drive companies next steps in responding to an incident, he said.

"The most important thing when you have a loss is getting a sense of what was on there, because that is going to determine the overall sensitivity of the data, who you have to inform of the loss and whether or not this is going to be a big deal," said Ansanelli.

"In addition to covering yourself or your customers, this is the most crucial information in figuring out how to keep something potentially damaging from ever happening again."

A laptop is lifted from a data providers office. Click here to read more.

Surprisingly, some experts say that companies need to be reminded to follow through on any policy changes or security projects they launch in the wake of a laptop theft.

Even after going trough the pain of multiple incidents, some companies dont pick up the ball and run with their efforts until something truly damaging affects their business, said Bryan Glancey, chief technology officer of device encryption specialist Mobile Armor, in St. Louis, Mo.

"We talk to people in this situation all the time, and unfortunately most refuse to make significant changes to policy until something happens that results in a noticeable financial loss," Glancey said.

"Then you have a lot of people who pledge to become more proactive, but the effort is short lived and they walk away after only a short time; this is the sort of attitude that is going to keep laptop thefts in the headlines for a long time to come."

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.

Rocket Fuel