No Witnesses, No Evidence
No problem for software program designed to track laptops
- By John Livingston
- Sep 03, 2006
When a laptop computer disappeared recently from the offices of MDx Medical Management Inc. in White Plains, N.Y., the company's president, Thomas Schuetz, turned to Absolute Software to get the laptop back.
The theft occurred when the company was relocating offices and numerous people were coming and going. There was no evidence as to who committed the crime and no witnesses to the theft.
undefinedThe key for any business is to implement a layered approach to laptop security from visual deterrents, such as cable locks, to tracking and recovery software, to remote data deletion when data security is of paramount concern.
"Fortunately, we had installed ComputraceComplete on all our corporate computers, so after we notified the police, we contacted Absolute Software," Schuetz said.
An initial investigation by the police yielded nothing. Inevitably, the laptop silently contacted the Absolute Recovery Center, supplying critical location information. When a computer protected by ComputraceComplete is reported lost or stolen by its owner, the Absolute recovery team flags the computer as missing, then waits for the laptop to discreetly contact the company's monitoring center via its Internet connection every 15 minutes.
Absolute's theft recovery team tracked the laptop as it logged onto the Internet in Florida, then a few days later in Manhattan. An Absolute recovery officer then provided the Manhattan precinct with a name, phone number and address, indicating precisely where the laptop was located. Manhattan detectives then contacted the computer user, resulting in the laptop being immediately returned to the police. The investigation continues into how this person came to be in possession of MDx's laptop.
"I am extremely impressed with ComputraceComplete. The Absolute Recovery Team was able to track and recover a critical piece of hardware for MDx Medical, proving its worth many times over," Schuetz said. "I am a happy Absolute Software customer. In fact, I have already recommended ComputraceComplete to two other companies we do business with."
Tip for Preventing Thefts
With the help of the following best practices and helpful tips -- from common sense to high-tech solutions -- your small business need not be counted among the ranks of those companies ill-prepared for laptop theft.
Use cable locks as visual deterrents. Truth be told, most cable locks can be ripped off the plastic exterior of a laptop with a strong tug. Cable locks are therefore akin to ink-filled garment security tags in clothing stores -- they leave a mark when removed by force, but are ineffective at preventing many thefts.
Avoid leaving unsecured laptops unattended. Lock them in cupboards, laptop carts or other secure facilities when not in use. If they must be left in a vehicle, they should be covered up or locked in the trunk.
Keep laptops inconspicuous. Laptops should always be carried in inconspicuous carrying cases, such as a backpacks or tote bags, instead of tell-tale laptop bags.
Change passwords regularly. Never leave your password in obvious places such as a sticky note under your keyboard or on your desk.
Keep anti-virus software and firewalls installed and up-to-date. Prevent unauthorized access and protect valuable information with data encryption software.
Back-up valuable data on a scheduled basis. Data back-up needs to happen as frequently as required to minimize the risk to the organization in the event of loss.
Understand the dangers of pirated software and file sharing. Both piracy and over-deployment of purchased licenses can lead to significant lawsuits or other financial penalties. And not only is it illegal, pirated software can increase susceptibility to viruses, Trojans and other attacks.
Stay informed. Continue to educate yourself on the tools and techniques used today by cyber criminals, as well as other security risks to company data.
Use asset tracking and recovery software. Laptop recovery tools are highly effective because thieves know that hardware is more valuable if they can prove it works. To do so, they inevitably turn the hardware on and connect to the Internet, at which point the software agent -- unbeknownst to the thief -- reports its location information, helping police recover the device.
Invest in advanced data protection. Industry-leading data protection software allows customers to track fixed, remote and mobile computer assets, and remotely wipe sensitive information in the event that a computer is lost, stolen or nearing the end of its lifecycle.
Laptop Theft Statistics
While MDx Management adequately protected itself against laptop theft, countless organizations cannot say the same. Insurance agency, Safeware, claims that more than 600,000 laptops were stolen in 2004, resulting in an estimated $5.4 billion in loss of proprietary information. According to the FBI, 97 percent of stolen computers are never recovered. Gartner Group estimates that 73 percent of companies do not have specific security policies in place to protect their laptop computers.
Laptops are easy targets because they are designed to be portable. Yet, organizations risk litigation, lost business and public relations nightmares when a laptop goes missing. Veterans Affairs, Ernst & Young and Fidelity Investments have all recently faced intense media scrutiny after employee laptops disappeared.
Laptop theft may be impossible to fully prevent, but there are numerous tactics and technologies an organization can employ to help protect their mobile assets around the clock, in the office or on the road. In fact, Absolute Software has found that while the average corporate laptop theft rate is between 3.5 percent and 5 percent, organizations using laptop theft recovery software have a theft rate lower than 0.5 percent.
As current laws mandate public disclosure of data breaches, organizations are clamoring for strategies to both prevent laptop thefts and comply with privacy regulations when the unthinkable occurs.
The key for any business, large or small, is to implement a layered approach to laptop security from visual deterrents, such as cable locks, to tracking and recovery software to remote data deletion when data security is of paramount importance.
Regulations and Compliance
In response to the ever-increasing volume of sensitive and confidential information stored electronically on remote and mobile computers, and the potential and actual breaches of privacy that have occurred, governments have dramatically increased regulatory legislation designed to protect personal information.
California S.B. 1386 requires all organizations in the state of California that own or license computerized data containing personal information to disclose to residents any breach of security if unencrypted personal information is reasonably thought to have been compromised by an unauthorized person. Furthermore, the bill extends beyond California's borders because it also applies to any business that holds data on a California resident. Most states have adopted legislation similar in scope to Senate Bill 1386.
HIPAA establishes rules for handling and securing medical records to ensure the privacy and security of patient information. The act pertains to organizations that process, transmit or store protected health information. Noncompliance carries significant civil and criminal penalties.
Sarbanes-Oxley Act requires accurate reporting of all assets, including computer assets. Non-compliance carries severe penalties (fines of up to $5 million and imprisonment for up to 20 years) for senior management.
Gramm-Leach-Bliley is a law that mandates that all companies protect the security and confidentiality of their customers' private information. To comply, organizations storing personal customer information must identify and safeguard against the loss of any personal information.