Wednesday, July 2, 2008

Survey: More than 10,000 laptops lost each week at airports (YIKES!)


According to the Ponemon Institute, in a survey result released today, more than 10,000 laptops are lost each week (not each month!) at major US airports. Close to 10,278 laptops are reported lost every week at 36 of the largest U.S. airports, and 65% of those laptops are not reclaimed, the survey said. Around 2,000 laptops are recorded lost at the medium-size airports, and 69% are not reclaimed. The institute conducted field surveys at 106 airports in 46 states and surveyed 864 business travelers.

Further, according to the survey, travelers seem to lack confidence that they will ever recover lost laptops. About 77% of people surveyed said they had no hope of recovering a lost laptop at the airport, with 16% saying they wouldn't do anything if they lost their laptop during business travel. A whopping 53% said that laptops contain confidential company information, with 65% taking no steps to protect the information.

While the numbers seem too high to be believable, particularly since the survey was commissioned by a laptop manufacturer (DELL), still, the implications are pretty chilling if you're the IT manager or ISO assigned to a company whose employees lost these laptops. From a management perspective, the loss of the laptop itself is an acceptable but regrettable occurrence, however, the loss of the DATA is the one which causes IT managers sleepless nights and negligent employees given their walking papers!

As an ISO or IT manager, what can you do to mitigate the potential impact of the loss of these laptops (often with highly confidential information) contained in its drives?

  1. Encryption - there are a plethora of industrial strength encryption solutions which allow users or the IT department to enforce encryption for the whole disk or selected volumes. An open source solution, TrueCrypt, is a very good encryption product for small or medium sized businesses who are particularly cost conscious. Thus, even with the loss or theft of a laptop, you're assured that the data is useless to whoever finds the laptop.
  2. Tracking software - currently, some security companies are offering services and software to track the location of a laptop once it gets connected to the internet. This might be a worthwhile investment if there are a large number of laptops utilized by a company and the majority of these are brought outside the company premises.
  3. Remote HD wipes - another security option is a a remote disk wipe which the owner can trigger once the laptop connects to the internet. This will ensure that all of the data is deleted securely from the lost laptop.
  4. Plain common sense - as the saying goes, common sense isn't that common! Treat laptops like cash and don't leave it hanging around where somebody can snatch it up either by mistake or more likely, deliberately!

No comments: