Secure that laptop


According to an IDC/Kensington survey, 94% of small companies in Europe have suffered from laptop theft. The Nationwide Building Society has just been fined a whopping £980,000 for security breaches – all thanks to a stolen laptop. Davey Winder investigates some answers.



A Pointsec Mobile Technologies survey in December revealed that 3,179 laptops and 923 USB drives were left in the back of London licensed taxis in just 6 months. How would it impact upon your business if a laptop was stolen, lost or the data compromised? As Andy Jones, Head of Security Technology Research at BT says, “data has become a valuable commodity in the criminal world, so assess your exposure and then decide how you can reduce it.” Here are a few ideas from the experts to help secure that laptop!

In the bag

Andrew Royle at Tech Air designs laptop bags, an often overlooked piece of the security puzzle. “Our bags incorporate a system which uses compressed air cells to protect the laptop from knocks caused whilst mobile” he explains “as well as the I-TRAK ID service that provides a unique ID code for your laptop and bag, enhancing the chances of a speedy recovery if lost or stolen.”

Indeed, it doesn’t really matter if your laptop is victim to a thief or your bad memory. I-TRAK’s Managing Director, Adam Dalby, is currently researching a new anti-theft device by embedding an RFID (Radio Frequency Identification) chip into the laptop and laptop case. “In the event a laptop is removed from a company building without its registered owner”, he says, “security and the owner will be alerted.” But although such technology is impressive, it will come at a cost and that is something that Keith Dolby, Managing Director of Real Asset Management, reminds us needs to be factored into the security strategy. When it comes to asset tagging, the norm is to use bar codes and hand-scanners which do much the same job when it comes to pure auditing as RFID tags. “Currently, RFID is still relatively expensive - pounds instead of pennies - and it offers no real advantage over bar-code technology” Dolby insists.

Agent-based technology

From the theft recovery perspective there is an answer though, in the form of agent-based technology, running silently on the laptop and checking in whenever an Internet connection is made. If the laptop is flagged as stolen, the police can be notified of the location. These agent-based technologies can take things a step further, as Colin Gray, MD at BigFix explains: “The laptop can also get updated with the latest policies, patches, and updates from the enterprise centre, and if a missing laptop logs on to the Internet, it can be pre-programmed to automatically identify itself to managers and subject itself to actions that can range from wiping clean all data on a disk or otherwise rendering the machine inoperable.”



Back to basics

With the emergence of “back to basics hacking”, stealing the laptop is also the easiest way to steal the information on it. As such, data protection is essential, and asset tagging alone does nothing to help. “Whole disk encryption remains the only bulletproof solution” says PGP Corporation Marketing Manager Jamie Cowper. Yet according to encryption specialists SafeNet, only 44% of UK organisations actually apply it.

One of the reasons is the danger that a business might be locked out of its own data by a forgetful or vengeful employee, a problem when consumer encryption products are used within a corporate setting. “Business encryption suites include an emergency decryption key, which administrators can use to unlock data without coming to know the original password” reminds Katja Pryss at Steganos.

And if the cost of encryption is still playing on the finance director’s mind, Lynton Stewart-Ashley, a sales director with GuardianEdge says “the relative cost of protecting data on a laptop is low when compared to the costs of remediation. We have been tracking breaches of this type for years, and when unencrypted consumer records are exposed, the cost of notifying consumers of the breach is at least 15 times the cost of encrypting the records in the first place.” Don’t forget that BitLocker encryption comes as standard with Microsoft Vista Ultimate of course; another very good reason to upgrade.

Biometrics

Although integrated fingerprint scanners on laptops are becoming commonplace, not everyone is convinced of their capability. Andre Muscat, Network Security product manager at GFI reminds us that while they can be useful, they can also become a gimmick if solely used to control who can log into the operating system.

“Getting to the data within a stolen laptop is quite easy” Muscat says “the thief just needs to open the device, remove the hard drive and connect it to another computer and copy the data off. All it requires is a screwdriver!” This doesn’t have to be the case: HP’s Steven Gales insists it’s “impossible with a HP notebook: our drivelock protection marries the drive to the notebook via a unique password.” If you do go down the biometric route, make sure it’s genuinely useful.

A common sense conclusion

The best way for laptops to be kept secure, insists David Porter, Head of Security & Risk at Detica plc, is for their users to exercise some basic common sense. “Lock the screen when left on the office desk, store them somewhere safe when not in use at home” he says. “Even if their laptop is protected by a hundred levels of technical security, laptop owners should never let their guard down.” And that is advice nobody can argue with…

Simple answers, simple questions

Brian Pennington, Director of Security, Dimension Data UK says there are two simple questions that you should be able to answer regarding laptop access: who is using your laptop and who is remotely connecting to your systems? Authentication provides the answer, and there are 5 main solutions available:


1. Token/Fob (more commonly known as RSA SecurID)
The token has a unique 6-digit code which changes every 60 seconds. The code is recognised by software installed on your network and is your guarantee that the person who is accessing your data is the person you have authorised.
2. Mobile Phone
By issuing a one-time-use code via a text message, a mobile phone can perform the same function as an RSA-type token.
3. Smart Cards
You can program a smart card with your user’s unique credentials, be that a fingerprint or digital certificate.
4. Biometrics
The simplest for mobile users would be fingerprint-based biometrics, as manufacturers are already building the readers into laptops.
5. Proximity Authentication
A proximity solution uses a wireless receiver installed on the computer and a unique keycard, a radio transmitter carried by the user. When the keycard travels out of range, the computer is locked down automatically.
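
How the network-side software can recognise a 6-digit code that changes every 60 seconds, and accept it only once, is sketched below. This is an added example, not code from the article or from any vendor named in it: it uses the open RFC 6238 TOTP algorithm as a stand-in for the token vendor's own algorithm, which the article does not describe. The `Verifier` class, the `drift` parameter and the sample secret are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds each code is valid for, matching the token described above
DIGITS = 6   # code length

def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 code (HMAC-SHA1) for the 60-second window containing unix_time."""
    counter = unix_time // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class Verifier:
    """Server side (hypothetical helper): accepts each code once and tolerates
    +/- `drift` windows of clock skew between token and server."""

    def __init__(self, secret: bytes, drift: int = 1):
        self.secret = secret
        self.drift = drift
        self.last_counter = -1  # newest window already used (replay guard)

    def verify(self, code: str, now: int) -> bool:
        current = now // STEP
        for counter in range(current - self.drift, current + self.drift + 1):
            if counter <= self.last_counter:
                continue  # window already consumed: a replayed code is rejected
            expected = totp(self.secret, counter * STEP)
            # Constant-time comparison avoids leaking how many digits matched
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_counter = counter
                return True
        return False

# Constructed sample secret (the published RFC test value, not a real credential)
SECRET = b"12345678901234567890"

if __name__ == "__main__":
    server = Verifier(SECRET)
    code = totp(SECRET, 130)  # what the token would display at t = 130 s
    print("first use accepted:", server.verify(code, 130))
    print("replay accepted:   ", server.verify(code, 131))
```

The same replay guard is what makes a code sent by text message one-time-use: once a window's code has been accepted, it is never accepted again.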



    Davey Winder

About the author
Author, journalist and consultant, Davey Winder has been writing about security issues for 16 years and is the current IT Security Journalist of the Year.