Laptop security: What you need to know

Don't be put off by the nightmare tales...

Explaining a lost laptop to your boss is one thing, explaining just which files have fallen into someone else's grubby mitts quite another. But there are plenty of ways to guard against security breaches, as Pia Heikkila explains... Laptops have become almost as ubiquitous as desktop PCs. They have revolutionised our working lives by bridging the gap between the home and the office, allowing many of us to work anywhere. Yet there is an indisputable downside - laptops attract thieves and are easy to leave behind, which means they can become an IT director's worst nightmare. But it doesn't have to be that way. According to recent statistics from the FBI, 57 per cent of all computer hardware crime is linked to laptops. Most criminals steal laptops for the hardware, according to Magnus Ahberg, MD of Pointsec, a laptop security specialist. "Nearly 95 per cent of laptops stolen are stolen for the value of the machine but the fact is that most companies cannot risk their critical data. Companies must take measures to protect themselves," he said. Laptops get stolen largely because they are easily targeted and identified, according to Neil Barrett, CTO of International Risk Management, who investigates cybercrime. "While laptop carry cases are ideal for transporting a laptop, the classic case is also easily recognised and therefore easily targeted by a thief." In the UK, the Ministry of Defence (MoD) lost over 600 laptops in one year alone. One highly published case of an MI6 officer leaving his laptop in a taxi after a night out was a wake up call to users. Once a laptop has been lost, it is very difficult to trace. Only three per cent of stolen units are retrieved according to figures from US security specialists Safeware. And most office equipment insurance only covers the hardware lost, not the data itself. "There are a few US companies that are doing special business continuity insurance, which can cover intellectual property too, but they are not very common yet," said David Hofacker, UK manager for software company Extended Systems. Protecting data inside a laptop is important. "Passwords have to be set in a way they cannot easily be guessed because once a hacker gets hold of a laptop, he has all the time in the world to crack the machine open," added Hofacker. A recent survey from security company Pentasafe found most people don't know how to set up passwords that cannot be guessed easily. David Blackman, marketing director at Pentasafe, said: "Hackers work very logically. Once they uncover one password, getting the next one isn't rocket science. There is software available on the internet which can calculate passwords." He added that anyone using a laptop to access a corporate network should be informed thoroughly of their company's security policy. "IT departments should ensure end users realise the laptop is as much as part of the corporate network as desktop PCs," said Blackman. And there are painless countermeasures any IT department can set up before they hand out a device to a user. IRM's Barrett said: "Encrypted disks make the stealing of information and access to network data impossible. The encrypted file system from Microsoft or even a solution such as PGPdisk can provide substantial and important levels of protection." For extra critical data, Pointsec's Ahlberg recommends an encryption tool which can encrypt a machine's hard drive, leaving nothing for a thief to uncover. "Once a hard drive is encrypted, it is difficult even to find a laptop's operating system," he said. There are some simple steps end users can take to help to reduce the theft of laptops, the experts claim. One obvious tip is not to carry them in laptop cases. And never leave them unattended. Back-up is also important, at least once a month, preferably more often. IRM's Barrett recommends the use of Zip drives or USB-connected CD burners or, of course, network-connected backup in the case of office users. There are also technologies being developed to make stealing laptops more dangerous. A US company called zTrace has developed tracing technology which activates the minute a laptop, which is reported stolen, connects to the internet. The software itself is free but if you want to retrieve you stolen laptop, the company charges a fee. The tracker cannot be uninstalled by thieves, the company claims. zTrace is planning to launch in Europe soon. It is common to hear those in charge of IT cite security and management as reasons why they don't allow end users laptops. There are issues but there are safeguards. For more on laptops and these issues, see our latest Hot Topic - http://www.silicon.com/laptop