Laptop Security -Where'd My Laptop Go?

Laptops are lovely. They are convenient, mobile, powerful and prestigious.

They are also thief magnets. Over 400,000 laptops disappear each year, leaving their owners wondering where they went, what is happening with their data and what to do next.

Some of the laptops are just lost - left in cabs, at hotels, restaurants and at conferences and events. Many of these laptops (but not all) find their way back to their lucky owners.

Some are stolen by people - many of them co-workers, service staff or people taking advantage of a "moment of opportunity" - who just want to have a laptop.

Some are stolen by professional "Laptop Lifters" who may work in teams to steal the laptops for resale.

And others are stolen, not for the laptop itself, which may be a bonus, but for the data on the laptop's hard drive - financial or identity data or business plans or data.

For example:

• QualComm's CEO had his laptop stolen while he was conducting a Press Conference. Reportedly, some of QualComm's most valuable secrets were on that laptop, unencrypted and only protected by an easily bypassed password.
• A Department of State laptop containing high level information on nuclear proliferation was stolen right from State's headquarters. Two administrators were fired and other personnel were reprimanded.

1) Securing the actual laptop

There are many ways to control the physical security of a laptop.

There are cable locks that can be attached to an immovable object to make it more difficult to just pick up the laptop and walk away. Although these cables can be cut with a bolt cutter, some of them are combined with an alarm that will sound if the cable is cut.

Alarms or motion detectors are also available without the cable locks. They can be set to activate whenever the laptop is moved or when the laptop is moved a certain distance away from a pocket receiver that the owner has, which also alerts the owner.www.anchorpad.com, www.kensington.com, www.computersecurity.com, www.pcguardian.com, www.trackitcorp.com, www.minatronics.com

Use a laptop carrying bag that does not look like a laptop case. Having a laptop case that says IBM or Sony is advertising that you are carrying a highly valuable commodity. Consider using a backpack with your laptop in it in a padded sleeve. One of the prime places for laptop theft is the men's bathroom in airports and convention centers. Another prime place that laptops are stolen is at pay phones in a busy area.

Just as there are pickpocket teams, one of whom distracts you by "accidentally" bumping into you while the other steals your wallet, there are "Laptop Lifters" one of whom will accidentally spill something on you while the other walks off with your laptop. A good rule to follow is: any time there is a diversion near you, put your hand on your laptop.

People usually feel comfortable at conferences and conventions. After all, you are usually surrounded by your peers, and there are often convention staff around to provide security. Often the theft will take place on the second or third day, when IDs for entry are not being checked as stringently, and many of the attendees are NOT wearing their badges. Many times people will leave laptops unguarded on or under conference tables during breaks.

Even if it is not your laptop that is stolen, your PCMIA cards - modem or wireless connectors - can be stolen in an instant. Not only is this a loss of value, it's also a real inconvenience.

It's a good idea to engrave your company information prominently on the outside of the laptop and on its carrying case. It makes it less attractive to the thief, because it makes it easy to identify and makes it harder to sell. Having a large or conspicuously colored luggage tag securely affixed makes it less attractive because thieves like to be "invisible."

You also should be sure to send in that little registration card that came with your laptop. Sometimes a stolen laptop will be sent back to the manufacturer for repair by the person who had innocently bought it from the thief. You may get your laptop back this way.

Don't leave your laptop in your car. If it is visible, you may lose your laptop AND have to pay for the damage to your car. Rental cars are often the special target of thieves, especially at popular restaurants or shopping malls. Plus, the extremes of temperature (both hot AND cold), can either fry your laptop or freeze the LCD screen.

2) Data Security

Losing your laptop may mean you'll have to shell out $1,000 - $3,000 for a new one. Losing your data can be MUCH more serious. Many people ONLY have a laptop, so ALL of their data is on it. Plus, most people don't back up their data as often as they should.

Replacing the data can be a pain. But losing your PERSONAL data, including perhaps your Social Security number, PIN numbers, credit card info, etc can be a form of personal hell.

Here are the steps you should take:

Set a BIOS password. BIOS is the first program to load when you turn on your computer. Your laptop will not boot at all until that password is entered. Although there are ways to bypass this, (there's all kinds of info on the 'Net), it's the first in several layers of security you can institute. (See http://www.lockdown.co.uk/?pg=biospsw&s=articles to see how to set a BIOS password).

Use the NTFS file system (assuming you are using XP). NTFS has strong encryption capabilities not available in FAT or FAT32. Here are a couple of articles that might help you decide: http://windows.about.com/od/filesfoldersdisks/l/aa001231b.htm http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/convertfat.mspx

Prevent data loss through your Infrared port. Do you actually use your infrared port? Do you even know if you have one? If you do have one, your computer can be hacked into all the way across the room! A simple way to disable it is to put a piece of black electrical tape across it. (It's a little dark window, generally on the back of your laptop). Alternatively you can disable the infrared port completely. Because each laptop manufacturer has different steps, search on Google or Yahoo for "Disable Infrared Port" and add your laptop manufacturer's name to the search terms.

Back up your data before you leave your office. That way, if your laptop is lost or stolen, you have not lost your files.

Consider keeping sensitive files off your laptop hard drive. A DVD can hold multiple gigabytes of data and can be carried in your pocket. A USB storage device is also quite handy.

If you are running XP Pro, your can encrypt your data using EFS (Encrypting File System), so it will be totally unreadable without the decryption key. If you don't have the Pro version, you can purchase third party encryption software.|

3) Getting your laptop back.

So the worst has happened and your laptop has disappeared. Hopefully, you have your name and phone number on it somewhere, so it can be returned to you if it was just left in a cab.

If you've taken the right steps before it disappeared, there's a fair chance you will get it back.

Here's what you can do to increase the chance of getting it back:

There are software solutions that allow you to trace your laptop if it ever connects to the Internet. For instance, www.computrace.com/ will give you the IP address wherever your laptop logs on. The cost is under $50. Getting the police to go and recover your laptop is another story, however.

According to some reports, when the police cooperate, recovery is up to 90%!
All in all, the most effective preventative is user awareness. Reportedly, Arthur Andersen CPA firm not only has classes and posters on laptop (and other) security, but they also have roving security personnel who take unattended laptops, cell phones, purses and PDAs off of desks and other unsecure locations, leaving a note behind telling the hapless "victim" where to get their property back. Quite an education, and probably pretty effective in raising awareness!

© Steve Freedman, Archer Strategic Alliances 2005 All Rights Reserved

Steve FreedmanArcher Strategic Allianceshttp://helpprotectmycomputer.com