Post on 17-Aug-2014
description
Laptop physical security
A scary but helpful guide for IT managers In the lifetime of every laptop there’s a 1 in 10
chance that it will get stolen.
Statistics show that as many as one in ten laptops will be stolen or lost from an organisation over
the lifetime of each computer
That’s 10% of your colleagues and co-workers knocking on your door for a replacement
machine
This dismal scenario is extremely common. Around 90% of organisations are affected
Laptop TheftQ. Has your organisation, or any of your
employees, experienced laptop theft or loss
The top seven excuses your colleagues will use are:
1. We were burgled
The top seven excuses your colleagues will use are:
2. I was at a conference, I turned my back to talk to someone and, pow, it was gone
The top seven excuses your colleagues will use are:
3. I was only away for a minute
The top seven excuses your colleagues will use are:
4. I left it in the car
The top seven excuses your colleagues will use are:
5. I thought it would be safe
The top seven excuses your colleagues will use are:
6. I asked the person next to me to watch my stuff – he looked really trustworthy
The top seven excuses your colleagues will use are:
7. It was on my desk – then it was gone
Most theft is Opportunistic
Once reformatted, stolen laptops are difficult to spot
Most laptops - 58% - are stolen from work
Thieves usually steal laptops for their resale value rather than for the data
Laptops are easy to sell anonymously over the internet
IDC research shows that the office is the most likely place for a thief to strike
Where your laptops WILL BE stolen from:
86% of IT security practitioners report that someone in their organization has had a laptop
lost or stolen
56% report that it resulted in a data breach
59% of business managers surveyed agree that encryption stops cyber criminals from stealing
data on laptops versus 46% of IT security practitioners who strongly agree or agree
65% of business managers surveyed record their encryption password on a private document such as a post-it note to jog their memory or share the
key with other individuals
50% of business managers have disengaged their laptop’s encryption solution
40% admit this is in violation of their company’s security policy
52% of business managers sometimes or often leave their laptop with a stranger when travelling
1 in 10 laptops are stolen in the lifetime of the laptop (usually around 3 years)
89% of companies experience laptop loss
It takes average of 9 days to get fully operational after laptop loss
The average total cost to a business from laptop loss is $47,000 (including downtime, support
& management time etc)
Only 25% of laptops have data
encryption and 50% of business managers with
encryption switch it off
Business problems you can avoid by using laptop locks
Loss of reputation
Business problems you can avoid by using laptop locks
Loss of reputation Loss of valuable and sensitive data: more than 50% of laptops contain data described by owners or users as
“sensitive”
Business problems you can avoid by using laptop locks
Loss of reputation Loss of valuable and sensitive data: more than 50% of laptops contain data described by owners or users as
“sensitive” Risk of being fined by your regulatory body
Business problems you can avoid by using laptop locks Loss of reputation
Loss of valuable and sensitive data: more than 50% of laptops contain data described by owners or users as
“sensitive” Risk of being fined by your regulatory body
Risk of industrial espionage
Business problems you can avoid by using laptop locks Loss of reputation
Loss of valuable and sensitive data: more than 50% of laptops contain data described by owners or users as
“sensitive” Risk of being fined by your regulatory body
Risk of industrial espionage Reduce the likelihood
of identity theft
Business problems you can avoid by using laptop locks Loss of reputation
Loss of valuable and sensitive data: more than 50% of laptops contain data described by owners or users as
“sensitive” Risk of being fined by your regulatory body
Risk of industrial espionage Reduce the likelihood of identity theft
Losing customers
Business problems you can avoid by using laptop locks
Loss of reputation Loss of valuable and sensitive data: more than 50% of laptops
contain data described by owners or users as “sensitive” Risk of being fined by your regulatory body
Risk of industrial espionage Reduce the likelihood of identity theft
Losing customers Having to tell your customer you lost their data because you
were careless
Theft PreventionQ. What proportion of laptop theft do you believe would
not have occurred if a cable lock had been used?
The Ponemon Research paper published in 2010 said that on average the cost of a laptop theft
is $47,000 for larger organisations
– some of which can have over 1,000 laptops..
IDC suggests that organisations typically underestimate the cost of laptop theft by over
30%
particularly the cost of downtime
And remember you’ll only ever get
3%
of the lost or stolen laptops back
7 common misconceptions
1. Encryption is the way forward
1. Encryption is the way forward.
Company policies now routinely stipulate that any data leaving an office must be encrypted
Around 50% of executives turn off encryption on their laptops if they can
Encryption can never stop someone walking off with a laptop
2. Better door security in the office is the answer
7 common misconceptions
2. Better door security in the office is the answer Unless you have a trusty doorman who knows every employee and visitor by name, this approach is a non-starter Most electronic systems are ripe for abuse. Tailgating, where a second person goes through a door meant for only one person at a time, is a constant menace in companies of all sizes
7 common misconceptions
3. It won’t happen to me or my employees
3. It won’t happen to me or my employees
A typical business laptop lasts for 3.1 years Most theft is indiscriminate and some 10% of laptops will be pinched during their busy, yet sadly brief, lives
4. I can recover the data
7 common misconceptions
4. I can recover the data.
On average it will take you nine days to replace a laptop – so you’ll certainly have time to try
35% of companies have never tried to successfully restore from their back up, so it might not work at all
5. Cable locks are ugly and fiddly
7 common misconceptions
5. Cable locks are ugly and fiddly...
Wrong. New devices like the Kensington ClickSafe have small, sleek barrels and can be fitted to your laptops in less than five seconds
6. Nobody like using laptop locks
7 common misconceptions
6. Nobody like using laptop locks.
Previous physical security devices like laptop locks have been chunky. With the new generation devices, all that has changed. They’re simple to use, too
7. My employees simply won’t use laptop locks
7 common misconceptions
7. My employees simply won’t use laptop locks.
They certainly will if you make the consequences of not using them serious enough
Introducing cultural change into any
organisation can take effort, but there’s a tipping point after which it becomes more natural to
embrace the change than to fight it
How to prevent laptop theft
Get everyone with a laptop, whether they travel or not, a physical visual deterrent to thieves
A laptop lock is the front line of defence
How to prevent laptop theft
Add a clause to your HR or company policy to give people the right incentive to use a lock
How to prevent laptop theft
Give colleagues brief training in theft awareness when you hand them out a lock
How to prevent laptop theft
Ask employees not to leave their laptops in unattended cars
How to prevent laptop theft
Insist and make it a disciplinary matter
– your business and reputation is certainlyworth it
How to prevent laptop theft
Tell employees to use a lock when they are o At home
How to prevent laptop theft
• Tell employees to use a lock when they are o At home o In a hotel
How to prevent laptop theft
• Tell employees to use a lock when they are o At home o In a hotel o In the office
How to prevent laptop theft
• Tell employees to use a lock when they are o At home o In a hotel o In the office o In a coffee shop
How to prevent laptop theft
• Tell employees to use a lock when they are o At home o In a hotel o In the office o In a coffee shop o At a conference or training course
What to do if your laptop does get stolen
• Think of a great excuse (because there is no justifiable reason)
What to do if your laptop does get stolen
• Tell your boss and then take one step back and wait for the answer
What to do if your laptop does get stolen
• Tell IT and then take one step back and wait for the answer
What to do if your laptop does get stolen
• Tell your customers and then take one step back and wait for the answer
What to do if your laptop does get stolen
• Tell your shareholders and then take one step back and wait for the answer
What to do if your laptop does get stolen
• Report it to the police (you’ll be amongst others who made the same mistake)
What to do if your laptop does get stolen
• For some of you – start looking for a new job
What to do if your laptop does get stolen
• For some of you – change all your passwords
What to do if your laptop does get stolen
• Ask friends for photos they may have as copies of the ones you just lost
What to do if your laptop does get stolen
• Feign insanity
What to do if your laptop does get stolen
• Beg IT to get you another one fast
What to do if your laptop does get stolen
• Start rewriting the urgent report you just lost
What to do if your laptop does get stolen
• Request an expense authorisation for a new laptop
General
• Don't leave laptops unattended and always lock
General
• Don't allow anyone else to use your laptop — it is company equipment and provides access
to our networks
General
• If left at work overnight, lock out of sight
General • Choose an ordinary looking briefcase or non-
traditional laptop carry bag• Bags that obviously contain computers are an
easily identifiable target for the casual thief
At Home • Always store inside your home, never leave in
the car and keep where it cannot be easily seen from outside. Ideally, keep locked in a cupboard
or strong drawer
At Home • When it is not possible to lock away, use your
supplied T-bar lock attaching to either an immoveable object or to something that is
difficult or heavy to carry
At Home • Do not allow any use that is not authorised by
The Company
At Home • Only connect to approved or known wireless
networks• Ideally use your encrypted domestic
connection if available
In the Car • Your laptop will be safer if it is not left in the car
at all
In the Car • If absolutely necessary, lock out of sight in the
boot
In the Car • If you expect to leave your laptop in the car
regularly, speak to the helpdesk and ask about additional security measures
• An in-car vault or separate lock to leave in your boot which can be locked to the spare wheel may be offered
In the Car • Consider the overall security of the vehicle in
terms of the location, time of day and duration of your stay when parking
In the Car • While the vehicle is in motion, your laptop
should be stored in its carry bag
• Ideally secure in the boot; a heavy item such as a laptop can become a hazard to vehicle occupants in an accident
In the Car • Only connect to approved or known wireless
networks
Public Transport and Public Places.
• Laptops are particularly vulnerable to theft and loss while using public transport
Public Transport and Public Places.
• Do not use your laptop while travelling unless necessary
Public Transport and Public Places.
• Never leave unattended and never allow anyone else to use your laptop
Public Transport and Public Places.
• Be aware of your surroundings
• Ensure you are not exposing yourself or the laptop to theft
Public Transport and Public Places. • Always use your T-bar cable lock, even when working, to
avoid the laptop being easily snatched
Public Transport and Public Places.
• Only connect to approved or known wireless networks
Hotels, Conference and Meeting Rooms
• Avoid leaving laptops in hotel rooms. Use the hotel safe and get a receipt. If absolutely necessary, use your T-bar lock
Hotels, Conference and Meeting Rooms
• In conference and meeting rooms, use your T-bar lock
Data Protection Responsibilities
• Always use encryption software approved and supplied by The Company
Data Protection Responsibilities • Choose a password that
is unique to your data-encryption key; make it long, random and complicated to guess
Data Protection Responsibilities
• Do not give your network password or token/access device to anyone
• YOU are responsible for all access under these codes
Data Protection Responsibilities
• Remember that access to your laptop can also mean access to The Company's network
Data Protection Responsibilities
• Your laptop is the property of The Company; do not lend it to anyone
Data Protection Responsibilities
• If you leave your laptop switched on and unattended you must activate the password-protected screensaver
• Ideally, never leave switched on or logged in. Log out, shut down
Malware Responsibilities
• Malware is harmful software such as viruses and spyware
• Malware on your laptop could be spread to the wider company network or risk the security of the data on your laptop
• No malware should be allowed on your computer
Malware Responsibilities
• The Company provides all laptop users with pre-installed antivirus software
• Make sure you know how to access and use this software. Call the helpdesk for advice if needed
Malware Responsibilities
• If you do not have regular access to The Company's network then you will not receive regular antivirus updates
• Make sure you log on to the company network at least once a week
Malware Responsibilities
• Always scan files for viruses• Your email is automatically
scanned for you as are files from the company network
• If you are given a file on a disk, USB key etc, scan the disk and/or file for viruses
Malware Responsibilities
• Do not open any email attachments unless they were expected and from a trusted source
• Email attachments are the number-one malware risk
Malware Responsibilities
• Do not download any software. If you need a different or more current application, contact the helpdesk for advice
• Most permitted applications are updated automatically for you when you log into the company network
Malware Responsibilities
• If you suspect a virus attack, contact the helpdesk immediately
• Do not access the company network or back up files until your laptop has been inspected
1 in 10 business laptops gets stolen. The result can be catastrophic
Learn more about physical security now and get protected against theft!
Download the 16 page whitepaper
Sources • *http://intel.ly/mkvRrl • **http://bit.ly/jN3RHl • http://clicksafe.kensington.com/laptop-physic
al-security-a-scary-but-helpful-guide-for-it-managers/
• http://clicksafe.kensington.com/blog/bid/55013/7-misconceptions-about-physical-laptop-security
Image credit• Slide 3 http://skincitysl.com/• Slide 5 http://weirdworldwebnews.blogspot.com/2009/08/bank-employee-nabs-robber-but-loses-job.html• Slide 6: http://triutami1359.blogspot.com/• Slide 7: http://www.flickr.com/photos/diseno3d/3865108573/#/photos/diseno3d/3865108573/lightbox/• Slide 8: http://www.flickr.com/photos/rbpdesigner/4096002087/#/photos/rbpdesigner/4096002087/lightbox/• Slide 9: http://themensgiftguide.com/blog/?p=355• Slide 10: http://www.protouchblog.co.uk/2009/05/self-service-kiosks-help-or-hindrance-to-the-industry/• Slide 11: http://www.hodson-office.co.uk/• Slide 13 : http://www.flickr.com/photos/mkosut/3631119830/#/photos/mkosut/3631119830/lightbox/• Slide 16: http://personalisedgift.org.uk/product/5/278/Personalised-Occupation-Caricatures-Office-Worker.html• Slide 16: http://www.fastcharacters.com/character-design/cartoon-business-man/• Slide 17: http://www.flickr.com/photos/isabellewong/2978822643/#/photos/isabellewong/2978822643/lightbox/• Slide 19: http://www.singlesolution.com/blog/page/2/• Slide 20 http://www.topnotebookcomputers.co.cc/2010/11/top-10-laptops-for-christmas.html• Slide 21: http://nsplprojects.com/SRProducts/administrator/pictures-of-stressed-people&page=6• Slide 22: http://www.justcalendar.org/calendar/calendar.jpg• Slide 23: http://www.plrinternetmarketing.com/blogging/want-to-get-started-making-money-blogging/• Slide 24: http://www.pspsps.tv/2008/06/• Slide 25: http://www.soxfirst.com/50226711/strategic_corporate_reputation.php• Slide 26: http://westernthm.wordpress.com/2011/04/21/the-messianic-secret-early-fabrication-or-historical-reality/• Slide 27: http://medicallicenseverification.com/2010/08/09/usa-navy-doctor-arrested-and-fined/• Slide 28: http://uk.askmen.com/money/keywords/espionage.html• Slide 29: http://www.americanbadbusinesslist.com/identity-theft/• Slide 30: http://www.uktranslation.co.uk/• Slide 36: http://www.codinghorror.com/blog/2007/03/creating-user-friendly-404-pages.html• Slide 38: http://catholicismpure.wordpress.com/2011/03/19/the-night-watchman/
Slide 40: http://mappingcompanysuccess.com/2008/02/quote-day-at-leadership-turn/Slide 42: http://www.recover-lost-data.co.uk/Slide 44: http://www.vibrant.com/cable-messes.phpSlide 48: http://inchatatime.blogspot.com/2007_11_01_archive.htmlSlide 52: http://speechempoweredcomputing.co.uk/Newsletter/Slide 53: http://news.bbc.co.uk/1/hi/8220274.stmSlides 77-80: http://jessthebee.blogspot.com/2010/11/home-sweet-home.htmlSlides 81- 86: http://www.trybuysoftware.co.uk/list.php?string=sport+car&match=Exact&search=KeywordsSlides 87-92: http://www.bestraveltips.com/travel-tips-for-europe-train/Slides 101-107: http://www.malware-help.com/Slide 95- 100: http://www.connexionslive.com/AboutConnexions/Legal/DataProtection/Default.aspx