Home » Data Protection » Wireless/Mobile

How to Stop a Laptop Thief

Laptop theft puts your data at risk. Here are your defensive options.

What can companies do to stop computers from being stolen? "Security today is what quality was in the '80s," says Gerry McCartney, CIO at the Wharton School. "People say, 'Yeah, I don't have to worry about that, we have a team that does that.' So they leave their offices open all the time. It goes back to the mentality that security is someone else's problem, not mine."

But, like quality, "these virtues are either [ingrained] in an organization or they're not," McCartney says. "You can't put up a sign and create them."

At least, not overnight, says Tim McKnight, senior director and CISO of Northrop Grumman. While he acknowledges that company cultures are hard to change, McKnight says that they can become more security-conscious—though only if top management leads the way. "There's no silver bullet for the issue," he notes, saying companies must pay attention to four areas: user awareness, physical security new and old technologies, and policy.

"You have to consistently enforce all of that or you lose control," McKnight says. Accordingly, Northrop Grumman constantly drives home the security point. The company has a mandatory security awareness program for all its employees and prohibits employees, including the CEO, from taking laptops with them when traveling to a set list of countries. And company security policy strongly discourages employees from putting data on any devices that leave the borders of the physical corporate building.

Even so, the company occasionally sees laptops stolen, but not from classic "smash and grab" actions; they've been taken almost exclusively from hotels when employees are traveling on business. Hotels are magnets for laptop thieves: They look for weary business travelers who aren't paying attention or who set their laptop cases down for a moment in an unoccupied conference room.

At McKesson, the company has password-protected the hard drives in its notebooks to ensure that if they're removed, they can't be read. Patrick Heim, McKesson's vice president of enterprise security, says, "It's a minor inconvenience for users," but worth it overall to the company. He says that the company encrypts data only for users who carry sensitive information. Heim notes that McKesson's policies can't prevent someone from leaving a laptop in his car, but password protecting the hard drive limits the company's liability, and it's something the company can enforce.

In McKnight's case, he adds that it helps that Northrop Grumman is a defense contractor. Over half of its employees hold some level of government clearance and attend a security refresher yearly to maintain their clearance levels. Many of its buildings require clearance to enter, an automatic barrier to the Daniel Robinsons of the world. But even in buildings that don't, escorts are assigned to all visitors (even when they're headed to the bathroom) and surveillance cameras monitor the premises.