Laptop theft

Laptop theft is a significant threat to users of laptop computers. Many methods to protect the data and to prevent theft have been developed, including alarms, laptop locks, and visual deterrents such as stickers or labels. Victims of laptop theft can lose hardware, software, and essential data that has not been backed up. Thieves also may have access to sensitive data and personal information. Some systems authorise access based on credentials stored on the laptop including MAC addresses, web cookies, cryptographic keys and stored passwords.

According to the FBI, losses due to laptop theft totalled more than $3.5 million dollars in 2005. The Computer Security Institute/FBI Computer Crime & Security Survey found the average theft of a laptop to cost a company $31,975.^[1] The incidence of laptop theft has been growing at a steady rate as laptop use continues to grow, and more than 1 in 10 laptops will be stolen within their lifetime.^{[citation needed]}

Best practices against laptop theft

Depending on what is kept on a particular laptop, lack of proper security precautions allows a thief to easily acquire such information as personal bookkeeping files, documents containing passwords, addresses, as well as employee and customer information stored on company laptops.

Inside protection

Passwords are no longer adequate to protect laptops. There are many solutions that can improve the strength of a laptop's protection. Full disk encryption (FDE) is an increasingly popular and cost-effective approach. Full disk encryption can be taken on from a software-based approach, a hardware-based approach, or both - end-based approach. FDE provides protection before the operating system starts up with pre-boot authentication, however precautions still need to be taken against cold boot attacks.

There are a number of tools available, both commercial and open source that enable a user to circumvent passwords for Windows, Mac OS X, and Linux.

Passwords provide a basic security measure for files stored on a laptop, though combined with disk encryption software they can reliably protect data against unauthorized access. Remote Laptop Security (RLS) is available to confidently secure data even when the laptop is not in the owner's possession. With Remote Laptop Security, the owner of a laptop can deny access rights to the stolen laptop from any computer with Internet access.

Physical protection

A number of computer security measures have emerged that aim at protecting data. The Kensington Security Slot along with a locking cable provides physical security against thefts of opportunity.

Centralization of laptop data

Another possible approach to limiting the consequences of laptop theft is to issue thin client devices to field employees instead of conventional laptops, so that all data will reside on the server and therefore may be less liable to loss or compromise. If a thin client is lost or stolen, it can easily and inexpensively be replaced. However, a thin client depends on network access to the server, which is not available aboard airliners or any other location without network access.

This approach can be coupled with strong authentication as such Single sign on.

Some major laptop thefts

Department of Veterans Affairs

In 2006 a laptop in custody of a data analyst was stolen. It contains personal and health data of about 26.5 million active duty troops and veterans.^[2] The agency has estimated that it will cost between $100 million to $500 million to prevent and cover possible losses from the data theft.^[3] In 2007 VA accepted to pay $20 million to current and former military personnel to settle a class action lawsuit. ^[4]

In 2010 VA reported the theft of the laptop from an unidentified contractor; the computer contained personally identifiable information on 644 veterans, including data from some VA medical centers' records.

After learning about the unencrypted laptop, VA investigated how many VA contractors might not be complying with the encryption requirement and learned that 578 vendors had refused to sign new contract clauses that required them to encrypt veteran data on their computers, an apparent violation of rules.

See also

• Comparison of Device Tracking Software
• IT risk
• Pre-boot authentication

References

External links

• Tracking, Prevention and Recovery at the Open Directory Project
• The spy who lost me - laptop thefts from the British Ministry of Defence
• Anti theft - laptop thefts software alerta laptop
• 2005 CSI/FBI Computer Crime and Security Survey - statistics and information about computer crime