Bill Warnock
10-18-2005, 11:48 PM
Security Beat?s, weekly Email newsletter dated October 18, 2005, published by Access Control and Security System Magazine contained an article entitled ?Laptops vulnerable to theft at the office.? For those of you who do not get this newsletter, it is presented verbatim: ?The office is the most common place laptops are stolen, tallying 29 percent of all laptop disappearances worldwide, according to a recent survey by mobile data security provider Credant Technologies.
"Everyone knows to guard their devices when they're traveling, but the results we found about the office were quite shocking," says Credant CEO Bob Heard. "What we discovered were corporate environments that are careless and even reckless with laptops, many of which contain crucial company and personal data."
Nearly 87 percent of respondents reported having company-related e-mail on their stolen laptops; 67 percent had other important business information stored; and 90 percent reported that their stolen laptop contained sensitive and confidential corporate data that was not intended for public view.
The survey also found that nearly three quarters of the stolen laptops did not meet regulatory compliance requirements for data encryption, mainly the stringent privacy regulations dictated by Health Insurance Portability and Accountability Act (HIPAA), California Senate Bill 1386 and other regulations. Twenty-one percent of respondents report they used no security measures or encryption of any kind on their stolen laptops. Only 10 percent of respondents report using a full-disk encryption security product.
"Eighty-two percent of all our survey respondents claim they never recovered their stolen laptop," Heard says. "That's sensitive information floating out there in the wrong hands."?
This is just the latest in a series of articles published in varied security magazines, to include ST&D, the host of this site, local and national newspapers, seen on special purpose TV programs as well as nightly national and local newscasts; and still the problem exists.
The following is from a security guide that may be of interest and hopefully of some use.
u. Laptop and Personal Digital Assistant (PDA) security.
(1) Are corporate security responsibilities for laptop computers and PDAs to include usage, and by whom, spelled out in written directives issued to all employees? If not, explain why not?
(2) What office and specific individuals within that office are responsible to corporate management for the implementation of these written directives?
(3) Does the corporation maintain an accurate and current listing of make, model and serial numbers for all corporate laptop computers and PDAs? If the answer is no, explain why not? If the answer is yes, what office does this function?
(4) Are corporate laptops and PDAs inscribed with corporate logo ID numbers? Are ?corporate unique? bar coded inventory stickers assigned and affixed to each laptop and PDA?
(5) How often are thorough inventories conducted? (quarterly, semiannually or annually) If such inventories are not conducted, why? If conducted, did ?eye see - hand touch? each laptop and PDA?
(6) While at the workplace, how are laptops and PDAs secured? If laptops and PDAs are not secured, why aren?t they? Three suggested products to secure laptops: Kensington® MicroSaver? Security System. Contact any computer supply outlet. Smith & Wesson® Security Products, Notebook Lock?Contact Noble Enterprises, Limited, 5325 Newcastle Avenue, Suite 202, Encino, California 91316. Telephone 818-881-0354. FAX: 818-881- 9404. E-mail: noblesec@loop.com . Segull Security Systems?® Universal Notebook Security Cable. Contact Segull Security Systems®, Inc., 15230 Burbank Boulevard, Suite 106, Van Nuys, California 91411. Telephone 818-781-6560. FAX: 818-781-0508 Toll Free 888-781-6562. Web site: www.segullsecurity.com E-mail: segull@segullsecurity.com One end of the steel cable fits into the security lock slot on the laptop. The other end of the cable should be secured to the docking station, your desk or some other hard to move object.
(7) At the workplace, are computers and PDAs protected by EAS technology? Would use of EAS technology prove beneficial at this location? Explain.
(8) When in travel status, are laptops and PDAs secured in accordance with corporate policy? If not, why not? Does this policy deal with issues of temporary workplace, hotel and motel security? If not, why not? Are radio frequency anti-theft systems, such as TrackIT? from Segull Security Systems® issued to employees? If not, explain why not? Contact Segull Security Systems®, Inc., 15230 Burbank Boulevard, Suite 106, Van Nuys, California 91411. Telephone 818-781-6560. FAX: 818-781-0508 Toll Free 888-781-6562. Web site: www.segullsecurity.com E-mail: segull@segullsecurity.com
(9) What is the corporation?s written procedure concerning laptop and PDA security at airport security screening points?
(10) *"Most of us use the PDA to manage our time and to store information. One inherent risk of loading confidential data in a PDA is protecting that information in case of loss or theft. Many users fail to password protect their PDA or lose the PDA when the unit is not in secure mode. We recommend that users do not store personal or critical business information on a PDA and avoid sending or receiving sensitive messages that you do not want recorded. Messages sent to and from PDA can be retrieved by the service provider in their entirety, and that confidential message text can be stored in a database forever, making that information available to others." (*Source: Martin Cramer, CPP, Security Manager, United Building Security, Dallas, Texas, ?Security Tip of the Week,? © Security Products E-News ®, 01-01-03)
NB: It is strongly recommended that laptops be packed in carry-on baggage within a Faraday enclosure. Since x-ray machine electronic components and conveyor belt motors are not shielded from the conveyor belt, exposure from these sources can be detrimental to integrity of the magnetic storage media contained within the laptop. It is for this reason the laptop should be protected by a Faraday enclosure. A suggested source for these enclosures is ESD Systems®, 19 Brigham Street, Unit 9, Marlboro, MA 01752-3170, Phone 508-485-7390, and Fax 508-480-0275.
Keep your laptop with you. It may seem obvious, but too many people put down their laptop while traveling, and then walk away to make a call, use the restroom or get a snack.
Be especially wary when passing through airport security screening points. Two thieves working together can delay you at the screening point, and then steal your laptop as it moves through the x-ray conveyor belt ahead of you.
Enjoy the day,
Bill
"Everyone knows to guard their devices when they're traveling, but the results we found about the office were quite shocking," says Credant CEO Bob Heard. "What we discovered were corporate environments that are careless and even reckless with laptops, many of which contain crucial company and personal data."
Nearly 87 percent of respondents reported having company-related e-mail on their stolen laptops; 67 percent had other important business information stored; and 90 percent reported that their stolen laptop contained sensitive and confidential corporate data that was not intended for public view.
The survey also found that nearly three quarters of the stolen laptops did not meet regulatory compliance requirements for data encryption, mainly the stringent privacy regulations dictated by Health Insurance Portability and Accountability Act (HIPAA), California Senate Bill 1386 and other regulations. Twenty-one percent of respondents report they used no security measures or encryption of any kind on their stolen laptops. Only 10 percent of respondents report using a full-disk encryption security product.
"Eighty-two percent of all our survey respondents claim they never recovered their stolen laptop," Heard says. "That's sensitive information floating out there in the wrong hands."?
This is just the latest in a series of articles published in varied security magazines, to include ST&D, the host of this site, local and national newspapers, seen on special purpose TV programs as well as nightly national and local newscasts; and still the problem exists.
The following is from a security guide that may be of interest and hopefully of some use.
u. Laptop and Personal Digital Assistant (PDA) security.
(1) Are corporate security responsibilities for laptop computers and PDAs to include usage, and by whom, spelled out in written directives issued to all employees? If not, explain why not?
(2) What office and specific individuals within that office are responsible to corporate management for the implementation of these written directives?
(3) Does the corporation maintain an accurate and current listing of make, model and serial numbers for all corporate laptop computers and PDAs? If the answer is no, explain why not? If the answer is yes, what office does this function?
(4) Are corporate laptops and PDAs inscribed with corporate logo ID numbers? Are ?corporate unique? bar coded inventory stickers assigned and affixed to each laptop and PDA?
(5) How often are thorough inventories conducted? (quarterly, semiannually or annually) If such inventories are not conducted, why? If conducted, did ?eye see - hand touch? each laptop and PDA?
(6) While at the workplace, how are laptops and PDAs secured? If laptops and PDAs are not secured, why aren?t they? Three suggested products to secure laptops: Kensington® MicroSaver? Security System. Contact any computer supply outlet. Smith & Wesson® Security Products, Notebook Lock?Contact Noble Enterprises, Limited, 5325 Newcastle Avenue, Suite 202, Encino, California 91316. Telephone 818-881-0354. FAX: 818-881- 9404. E-mail: noblesec@loop.com . Segull Security Systems?® Universal Notebook Security Cable. Contact Segull Security Systems®, Inc., 15230 Burbank Boulevard, Suite 106, Van Nuys, California 91411. Telephone 818-781-6560. FAX: 818-781-0508 Toll Free 888-781-6562. Web site: www.segullsecurity.com E-mail: segull@segullsecurity.com One end of the steel cable fits into the security lock slot on the laptop. The other end of the cable should be secured to the docking station, your desk or some other hard to move object.
(7) At the workplace, are computers and PDAs protected by EAS technology? Would use of EAS technology prove beneficial at this location? Explain.
(8) When in travel status, are laptops and PDAs secured in accordance with corporate policy? If not, why not? Does this policy deal with issues of temporary workplace, hotel and motel security? If not, why not? Are radio frequency anti-theft systems, such as TrackIT? from Segull Security Systems® issued to employees? If not, explain why not? Contact Segull Security Systems®, Inc., 15230 Burbank Boulevard, Suite 106, Van Nuys, California 91411. Telephone 818-781-6560. FAX: 818-781-0508 Toll Free 888-781-6562. Web site: www.segullsecurity.com E-mail: segull@segullsecurity.com
(9) What is the corporation?s written procedure concerning laptop and PDA security at airport security screening points?
(10) *"Most of us use the PDA to manage our time and to store information. One inherent risk of loading confidential data in a PDA is protecting that information in case of loss or theft. Many users fail to password protect their PDA or lose the PDA when the unit is not in secure mode. We recommend that users do not store personal or critical business information on a PDA and avoid sending or receiving sensitive messages that you do not want recorded. Messages sent to and from PDA can be retrieved by the service provider in their entirety, and that confidential message text can be stored in a database forever, making that information available to others." (*Source: Martin Cramer, CPP, Security Manager, United Building Security, Dallas, Texas, ?Security Tip of the Week,? © Security Products E-News ®, 01-01-03)
NB: It is strongly recommended that laptops be packed in carry-on baggage within a Faraday enclosure. Since x-ray machine electronic components and conveyor belt motors are not shielded from the conveyor belt, exposure from these sources can be detrimental to integrity of the magnetic storage media contained within the laptop. It is for this reason the laptop should be protected by a Faraday enclosure. A suggested source for these enclosures is ESD Systems®, 19 Brigham Street, Unit 9, Marlboro, MA 01752-3170, Phone 508-485-7390, and Fax 508-480-0275.
Keep your laptop with you. It may seem obvious, but too many people put down their laptop while traveling, and then walk away to make a call, use the restroom or get a snack.
Be especially wary when passing through airport security screening points. Two thieves working together can delay you at the screening point, and then steal your laptop as it moves through the x-ray conveyor belt ahead of you.
Enjoy the day,
Bill