Home » Data Protection » Wireless/Mobile

How to Stop a Laptop Thief

Laptop theft puts your data at risk. Here are your defensive options.

That kind of talk would please Richard Leon, a seen-it-all inspector with the burglary and fencing detail in the San Francisco police department (SFPD). Leon thinks companies should never let visitors in without escorts and should issue badges that clearly show someone is an outsider. In addition, employees should also challenge people they don't recognize who don't have a badge visible. (He recommends that company security guards do badgeless walk-throughs and reward employees who challenge them.)

Law enforcement officials also believe in policy. Leon and his boss, Lt. Tom Buckley, think simple measures make all the difference. By using visitor escorts, enforcing use of badges and employing surveillance systems where someone actually watches the monitors, most companies would drastically reduce their potential losses for laptop theft, says Leon. Buckley also notes that most companies have no record of their laptops' serial numbers, which means that there's almost zero chance of recovering the computers if stolen. "Look, you can't stop all of it. But if there's no policy, it's wide open," Buckley says.

So policy can work. Again, though, companies must be disciplined about it. Here's what they should do:

Educate users. Bombard new users with the statistics on theft and the horror stories. Remind them of the need for Sarbanes-Oxley and HIPAA compliance. Drill the fear of laptop theft into their heads.
Establish data policies. For users with sensitive data access, make sure they need a password to access their hard drives. Encrypt sensitive data and use automated backup. For notebooks with sensitive data on them, try motion alarms.
Do not leave company visitors unattended.
Finally, remember that policy is also not something a company adopts solely to prevent theft. In fact, Harold Hendershot, section chief of the computer intrusion section of the FBI's cyberdivision, says policy must extend to what happens when a laptop is stolen, starting with whether to report it to law enforcement.

"As a security officer, you're going to want to do an assessment: What was on the laptop? Was the password for the corporate network written anywhere? Does the laptop have remote access software?" says Hendershot. Companies need to ask these questions to see how vulnerable they are.

Though most laptops are stolen simply for the hardware to be fenced, exceptions will exist. Hendershot says the FBI was recently involved in tracing laptop thefts from a national laboratory. It suspected the worst for lab data. But it turned out that drug dealers just wanted to use the stolen computers for running navigation software. They plotted the locations where police usually set up their roadblocks and mapped alternate routes for drug runners. Still, Hendershot recommends finding out whether there's proprietary data, especially financial data, on the hard disk of any stolen laptop.