Law enforcement agencies are reporting a recent uptick in the number of lost or stolen laptop computers. It’s not clear yet whether this is a random fluctuation, a consequence of the troubled economy or something else but it is a disturbing trend.
Laptop computers represent one of most significant information risks for any company because of the sheer volume of confidential information that they can hold. Worse, even if you don’t think you’ve ever saved a confidential document onto your computer, the computer will almost certainly have the access credentials needed to access information that is centrally held. One stolen laptop can put all of your data at risk. In those situations, the state-level breach disclosure laws put the burden on the breached company to show that their information was not compromised. When in doubt, the company must disclose. So unless you know positively what information got stolen, you might have to assume that all of it was and notify everyone in your database. Thousands of notifications, leading to lawsuits, wasted time, panicked customers and, most seriously, a loss of trust with your customers.
For most companies, there are two thin lines that protect your customer information.
One is each individual employee’s practice of protecting the computer itself. The vast majority of laptop thefts are crimes of opportunity so don’t give the criminal the opportunity. Have a policy that requires your staff to keep their laptops locked up at night. If leaving the computer at the office, put it in a desk drawer or cabinet – out of sight, out of mind. Don’t assume that the door lock will be sufficient to keep the thieves out. (See this Times article for an example of how easily a professional thief can impersonate his/her way into a supposedly secured office.) If your staff are taking the computer home, make sure they know to either bring it in with them or lock the computer in the trunk if they have to stop on the way. Never let the computers be left exposed.
The second line of defense is encryption. Scrambling your data can provide protection in case the unthinkable happens. That encryption, however, is no stronger than the key used to unlock it. For many companies, the encryption is based on a password (often the same password used to log onto the computer in the morning). Always pick a strong password. Don’t just pick a word, capitalize the first letter and add some numbers at the end. This is a natural tendency for english-speakers and the hackers know it. They optimize their cracking routines to break passwords in this pattern and will crack them in mere minutes. Use whole sentences instead. Whole sentences are easy to remember but far harder to break.
And never, never, never write down your password and leave it with the device you are trying to protect. That would be like buying a $3000 security door for your home, then leaving the key in the lock. You’d never be that careless at home. Don’t let people be careless at work, either.
If you have a laptop, protect it. Even one loss is too many.
Credit report reminder
For those of us on the "trimester plan" for reviewing our credit reports, it’s time to ask for your free copy of your credit report from the next agency.