To Lose a Laptop
By Seth Ross
A CEO has his laptop stolen from the podium after a press conference.
On that device: the "DNA" - plans, prices, prospects - for a major
public company in a highly competitive market. A secret service
agent puts his laptop down for a moment at a train station; he turns
around and it's gone, along with secret information on anti-terrorist
operations. Another secret agent goes on a binge in a pub. In the
morning, she can't remember what happened to her laptop.
The mobile computers known as "laptops" or "notebooks" are a favorite
target of theft. In many instances, they represent a target of convenience
for street criminals due to their small size and high resale value.
But not all laptop/notebook theft is the work of street criminals. In some
cases, the target is not the computing device itself but rather
the data it contains.
According to Safeware (http://www.safeware.com),
the leading computer insurance company, a total of 319,000 notebook
computers were lost in the US due to theft in 1999, for a total
loss of $800 million. While Safeware is a reputable company with
reputable methods of calculating loss, their numbers are certainly
far too low. One reason: it's very difficult to estimate the value
of data losses. There's no sure way to know whether the data has
fallen into the hands of a competitor or not. Another reason relates
to one of the computer security industry's most vexing problems - the
disclosure conundrum.
The sad truth is that companies lose confidential data every day.
In most cases, the companies don't even know they've lost data.
If they do know they've lost data, they often don't know how they
lost it. If they know they've lost it and know how they've lost
it, they don't report the loss.
Historically, computer thefts and breaches of data security are
not reported because companies find it embarrassing to disclose
significant hardware thefts, especially when that hardware has critical
data on it. The problem is even more acute for network security
breaches.
Non-disclosure makes it difficult for security practitioners to
calculate risk and for executives to make sound decisions about
budgeting for security safeguards and personnel. A total US loss
of $800 million is a drop in the bit bucket in the context of an
economy worth trillions of dollars.
If everyone knew how much everyone else was losing, they could
plan and implement appropriate security safeguards and processes.
If everyone implemented appropriate security safeguards and processes,
the rate of theft and loss would plunge. Criminals would be deterred
and - if the safeguards were tough enough - some might even take
an interest in an easier line of work.
While very little can be done about the lack of reporting, security
planners and decision-makers can factor underreporting into their
planning and risk analysis processes. Calculate the total value
of information assets based on the value of both hardware and data,
and assign a high probability for the loss of mobile assets like
laptop computers.
If your company has 2,000 laptops, worth $2,000 each, with $20,000
worth of data on each, your total possible exposure is $44 million.
Given that it's impossible to know how many laptops are stolen in
a year, assign a percentage based on your users' travel habits,
business locations, etc. Two percent loss might be a good guess,
leaving your company with an estimated exposure of $880,000. It
would be reasonable to spend up to $440 for the security of each
laptop.
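
The calculation above, worked as an added example (not part of the original article) and extended to a fleet split by travel habits, as the text suggests. The segment names and the 6% / 1% loss rates are constructed assumptions chosen so the total matches the article's flat 2% case.

```python
from dataclasses import dataclass

@dataclass
class Segment:
    name: str
    laptops: int
    hardware_value: float    # replacement cost per laptop, USD
    data_value: float        # estimated value of the data on each laptop, USD
    annual_loss_rate: float  # assumed chance a given laptop is lost in a year

    @property
    def exposure(self) -> float:
        # Total possible loss if every laptop in the segment disappeared.
        return self.laptops * (self.hardware_value + self.data_value)

    @property
    def expected_loss(self) -> float:
        return self.exposure * self.annual_loss_rate

def fleet_summary(segments):
    """Exposure, expected annual loss and average spending ceiling for the fleet."""
    laptops = sum(s.laptops for s in segments)
    exposure = sum(s.exposure for s in segments)
    expected = sum(s.expected_loss for s in segments)
    return {
        "exposure": round(exposure, 2),
        "expected_loss": round(expected, 2),
        "ceiling_per_laptop": round(expected / laptops, 2) if laptops else 0.0,
    }

def per_segment_ceiling(segments):
    """Spending ceiling per laptop within each segment (expected loss / laptops)."""
    return {s.name: round(s.expected_loss / s.laptops, 2) for s in segments if s.laptops}

# The article's figures: 2,000 laptops, $2,000 hardware, $20,000 data, 2% loss.
ARTICLE = [Segment("all", 2000, 2000, 20000, 0.02)]

# Constructed split of the same fleet by travel habits (assumed rates).
SPLIT = [
    Segment("frequent travellers", 400, 2000, 20000, 0.06),
    Segment("office-based", 1600, 2000, 20000, 0.01),
]

if __name__ == "__main__":
    print(fleet_summary(ARTICLE))
    print(fleet_summary(SPLIT))
    print(per_segment_ceiling(SPLIT))
```

With the same $880,000 expected loss, the split puts the ceiling at $1,320 per travelling laptop and $220 per office laptop, so the flat $440 figure understates what is justified for the machines most likely to go missing.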
Fortunately, notebook security measures are fairly inexpensive.
Most new laptops have security slots that accept lock and cable
assemblies. The cable can be looped through any stationary object
or attached to common office furniture or cubicle walls. Kensington
is a leading brand; it offers a wide variety of office and computer
supply products. PC Guardian focuses on high quality computer anti-theft
products. The Notebook Guardian(r), for example, includes a PVC-coated
galvanized steel cable and a highly tamper-proof lock. See
http://www.pcguardian.com/hardware/notebook.html
Physical security is only part of the picture. What if the lock
and cable are defeated? As part of a strategy of defense-in-depth,
PC Guardian also sells encryption software that protects all the
system files and data stored on a notebook's hard disk: Encryption
Plus(r) Hard Disk. The user must supply a password before Windows
starts up. Once activated, the program transparently decrypts files
as they're needed: no further user intervention is required. If
the notebook is stolen, the thief cannot boot up the system. Even
if the thief removes the hard disk and installs it on another machine,
the data is encrypted and therefore useless for industrial espionage
purposes.
For more about Encryption Plus Hard Disk, see
http://www.pcguardian.com/software/hard_disk.html
Perhaps the easiest and most cost-effective approach is to purchase
a hardware/software bundle. PC Guardian's Road Guardian package
includes the Notebook Guardian plus three encryption packages for
about $100. See
http://www.pcguardian.com/roadguardian/
You may not be able to solve the conundrum of disclosure, but
you can take some easy steps to ensure that _your_ company's notebooks
stay out of the headlines. For all but the most marginal endeavors,
simple notebook security is an easy buy.