Portable Computer Security
In all areas of security, including portable computer security and other mobile devices like laptops, people are always the weakest link in the identity theft prevention and security chain. Companies establish policies, train their employees, contractors and vendors to ensure the security of their precious assets, implement both physical and logical security controls, and still, we continue to be flooded with portable computer security compromises. I guess you could say people never learn or just have a short memory of learned lessons. I wish I could say that these lost or stolen laptops and devices are replaced with just a few thousand dollars and life goes on, but unfortunately, some of these lost or stolen digital devices contain personal information and other sensitive corporate data. Because of the growing number of identity theft cases and laws, any time a company computer containing sensitive personal information such as names, social security numbers and addresses, is stolen or lost, there is a high level of anxiety every where. From my own experience, the anxiety goes beyond the boardroom of the company that has experienced the incident. As soon as the news of a stolen laptop is reported, senior management of major companies jump up and down trying to figure out if their own security controls are in place and whether confidential information is secure; everyone calls everyone in a rush involving the Legal group, Internal Audit, Corporate Security, Information Security and Information Technology, making sure the security policies are in place and Dos and Don’ts are communicated to all employees, asking questions like do laptops contain sensitive data, and whether the data is encrypted. I call this managing information security by reaction because people react to negative news and don’t want to end up in the front pages of major news outlets like the company in the news.
I don’t blame them for not wanting to be part of negative news in the front pages of the newspapers; I wouldn’t want to be part of it either, but instead of automatic reaction to such news, I suggest both companies and employees think of the risks and possibility of computer theft or lost before it occurs. That way, when the news is reported, management can rest assured that 1) they have only allowed limited storage of confidential information on computers as required by the business, 2) they have done every thing possible to ensure adequate security for devices which may contain confidential information, in order to prevent unauthorized disclosure and identity theft in case computers are lost or stolen, and 3) they know exactly what to do when such inevitable incidents occur to themselves or their company.
It’s not all about just device security and identity theft prevention but also about being prepared when the inevitable loss of such devices occurs. Prevention is the first line of defense, however, as people are the weakest link in the security chain and security systems sometimes fail to operate as programmed, one must be realistic and accept that such incidents will have a probability of occurring although as company management, security experts and conscious employees, we attempt to reduce that probability as much as possible.
Prevention, Containment and Loss Management
Let’s explore a few good habits that will help us prevent the theft of our computer and digital device potentially leading to identity theft and identity fraud, and, get us ready to deal with it when and not if it occurs:
Never store confidential data on your digital device if you don’t have to - why create a security problem for yourself. If you lose that sensitive data, you will have to answer all kinds of questions to all kinds of company groups and outside agencies that deal with personal information and identity theft. And, if you violated any company policy such as “never store employee names and addresses on your hard drive”, you could say good-bye to your job.
Don’t carry the digital device around if you have company sensitive data on it - again, when you casually carry sensitive data around, you increase the risks of data disclosure, identity theft and fraud.
Mark the digital device - the chances are that an unmarked digital device is less likely to be recovered that those tagged with an identification of the company, its address and phone number. This will also prevent the thieves from any attempt to sell the device on the Internet.
Register the portable computer with the manufacturer - if thieves are stupid enough to send in the portable computer for repairs, the manufacturer will flag it and may help you recover the computer.
Write down the serial number and store it in a safe place - this is useful for reporting theft of a digital device to the police, which may come across the stolen items during other investigations and casual search.
Use a cable lock - use them whenever you can. Make sure your portable computer security is maintained by attaching a cable lock to a strong, unbreakable and stable object. You should consider using a lock at the coffee shop, airports and wherever you have to leave your portable computer behind for a few minutes.
Be security conscious - always be suspicious of unusual events and places whether you are at the airport, in a hotel room, on the plane, at a conference, or traveling by car. Distractions are sometimes created in public places to steal items. Read the identity theft prevention sections dedicated to car and hotel risks in the travel security area.
Unmarked carrying case - while it’s a good idea to emboss and mark your portable computer; it’s a bad idea to mark its carrying case to attract unwanted attention. A portable computer in an unmarked carrying computer case is less visible to the outside world and thieves at large.
Save file on a removable device - there are several types of external storage devices that can be used to backup your sensitive files. Some of these devices can be pass code protected and even encrypt files. The idea is to allow you to have continued access to your critical files even after your portable computer is stolen or lost. You can use any computer with the appropriate application installed to access your files.
Use tracking software- there is a number of tracking software products that allow police and the phone company to locate a lost or stolen portable computer based on a traceable signal.
Encrypt the portable computer - some operating systems have powerful security features such as secure logon, file level security, and the ability to encrypt data. The encryption system adds an extra layer of security for drives, folders, or files. This will help prevent an intruder from accessing your files by physically mounting the hard drive on another PC and taking ownership of files. Make sure to enable encryption on folders to encrypt all files that are placed in that folder.
Be prepared - trust the possibility that your computer or any other digital device may be stolen or lost and have a plan to deal with it. What are some of the steps that you or your company should take in such a case? Well, first as a user report the case to the police (if it’s your own portable computer) or to the company (if it’s a company computer), identify whether there were any personal information on the portable computer that could lead to identity theft, is this information encrypted, is the portable computer pass code protected, are there any legal requirements for reporting the case to the affected individuals or an oversight agency. Timely communication with the right parties is important to keep every one engaged and in the loop. That being said, do we still need to panic when we hear of someone else’s lost or stolen portable computer? Not if we’re prepared and planned ahead.
Go to the computer security section after "portable computer".
Identity Protection Insights Newsletter
Effective identity protection requires dynamic and integrated solutions. This site provides awareness, education and many solutions to address the growing problem of identity theft. Please sign up for the Identity Protection Insights newsletter to receive periodic notification of important articles and solutions, major identity theft news analysis, fraud alerts, and other service announcements.