Backing-up and encryption can alleviate some of the pain caused by losing a mobile device.
'The government loses a laptop every other day." This may sound like an accusation voiced by a character in the fantastical BBC spy-series Spooks, but worryingly it actually refers to real events. Liberal Democrat MP Dr Vincent Cable made the observation in July, in reaction to news that police had charged a man with the theft of at least one laptop from the UK Cabinet Office.
Cable is rightly incensed at the government's poor record of mobile security, citing the possible repercussions if confidential information fell into the wrong hands. Three laptops went missing in July alone, although the man in question was only charged with stealing one. The incident adds to the theft or loss of hundreds of government laptops in recent years.
The Secretary of State for Defence recently confirmed, in a written parliamentary answer, that some 400 laptops have gone missing from government departments in the past two years. If you go back further, things are even more frightening. Another parliamentary question last year put the figure closer to 600 computers having disappeared from the Ministry of Defence in the past five years.
There is a lot of publicity around the issue of hackers breaking into wireless networks -- a recent survey by RSA Security in the City of London revealed that one in three access points are not secure -- but stolen or lost mobile devices are an older and much more prevalent security issue if government figures are comparable to the private sector's
The UK government is not alone when it comes to sloppy laptop security. The US Justice Department recently announced it was reviewing security procedures, after admitting more than 700 weapons and 400 laptops had gone missing in the past three years. Most of the laptops belonged to the FBI and contained classified information.
Although these figures seem incredible, they are probably not unique to government departments. Public agencies are required to disclose embarrassing security information that enterprises prefer to keep confidential -- making it difficult to gauge how many mobile devices go missing in the UK.
A recent investigation by insurance firm Complete Computer Cover indicated that, assuming there are around 5 million laptops in the UK, about 100,000 will be damaged and nearly 67,000 stolen every year. The trend towards wireless working means notebooks and other mobile devices are only going to become more common.
PDAs and increasingly sophisticated mobiles are also catching up with laptops when it comes to devices for working on the move. No longer purely for personal use, these smaller -- and consequently easier to lose -- devices are carrying increasingly important data.
Although slow to take off, Gartner predicts that technologies such as Bluetooth -- a short-range wireless protocol that allows devices to communicate wirelessly -- will drive the uptake of smaller mobile devices. By 2005, more than 560 million Bluetooth-enabled devices will be purchased by businesses and consumers. However, implementing the technology will cost an additional $5.6 billion annually as a result of usage and security issues, the analyst claims.
"Bluetooth deployment costs will be higher than other wireless technologies because of limited interoperability and the need to implement policies to safeguard against data corruption and theft," says Bill Clark, research director for Gartner.
A survey earlier this year from security firm Pointsec Mobile Technologies revealed that 41 per cent of those surveyed used their PDA to access a corporate network but only around a third encrypted data to prevent unauthorised access.
Worryingly, the report also revealed that 40 per cent of people had lost a mobile phone, and 25 per cent had lost a laptop or PDA. The most notorious places for losing mobile devices are taxis, closely followed by bars, restaurants, and nightclubs.
Page Two: Backing-up and encryption can alleviate some of the pain caused by losing a mobile device.
According to Gartner analyst John Girard, the most common places for laptop thefts are airport security checkpoints, hotel restrooms, meeting rooms, and registration lines. Girard recommends these top-tips for keeping machines safe:
Keep your laptop in sight while going through security checkpoints.
Always have the laptop in carry-on luggage
Tape a business card to the laptop
Avoid leaving your laptop in hotel baggage-hold rooms
Lock the laptop or removable hard drive, if equipped, in a secure place when it's not in use
These tips are helpful but looking back at some past cases shows that there are no hard and fast rules of when laptop thieves are likely to take a chance:
The government minister in charge of Britain's nuclear secrets had his laptop stolen from his house in 2000. Armed forces minister John Spellar had his home broken into in Bromley, Kent. The intruder stole his laptop computer but left without touching two red boxes containing potentially sensitive defence information.
An MI6 officer left his laptop in a taxi after a night's drinking in a tapas bar in Vauxhall, south London, while an MI5 officer had his stolen when he put it down to buy a ticket at a station.
A science laboratory cleaner from Didcot, near Oxford, was recently convicted of stealing laptops from her employer by hiding them up her jumper. The woman managed to steal six machines this way before anyone noticed something was up.
The chief executive of Qualcomm had his notebook stolen from the podium of hotel conference room where he had just finished giving a talk to the Society of American Business Editors and Writers. He had been talking with several members of the press only 30 feet away when he noticed the machine was missing.
Usually the thief is interested in the laptop not the information on it. Encouragingly, surveys show that only 10 to 15 percent of laptops are stolen by criminals intent on selling the data, according to Gartner analyst William Malik.
But the fact that the thieves didn't set out to steal information is no consolation if there are vital files on the machine that haven't been backed up. A doctor lost his lifetime of research earlier this year, when his laptop was stolen from a hospital in Leicester. The research was on children with holes in their hearts and unfortunately no back-up copy had been made. The theft follows a similar case last year, when another machine, also containing essential research, was stolen from the Royal Hospital for Sick Children in Edinburgh. The machine was eventually recovered, to the relief of the doctor concerned.
Yet despite the ludicrously high numbers of notebooks that go missing, companies are not doing nearly enough to secure their machines. Nearly two-thirds of UK business users do not use a password when they log-on to their PCs or laptops, according to Mori survey commissioned by Compaq. Of the people who do use passwords, 15 percent use their own name and 10 percent give password details to colleagues. A third of respondents have not changed their passwords in the past year.
The poll also revealed that around half of those surveyed believed their laptop was susceptible to theft, yet more than a third did not make copies of confidential files. But backing up data shouldn't be such an issue. Apple's iDisk service allows files to be copied and stored online, while US firm Connected offers a similar service for PC's.
Other security measures available include encryption and tracking devices. Thales e-security launched a hard-drive encryption device in April this year that protects laptop data by storing everything on the machine's hard drive in an encrypted state. The Guardisk device has been approved by the Government's Communications Electronic Security Group (CESG) for restricted, and in some cases Top Secret, data, and introduced to some departments.
On the tracking side, software from companies such as Absolute Software and zTrace Technologies offer technology similar to the tracking devices now installed in some cars. Absolute's ComputracePlus application silently connects with the company's monitoring centre whenever the device is connected to the Internet. If the notebook is reported stolen or lost, its location is tracked and the police are called to recover the machine.
