• United States



Laptops on Vacation

Jul 06, 20082 mins
Data and Information Security

A recent study prepared by the Poneman Institute claims over 10,000 laptops are lost or stolen every week at airports in the United States.  If this number is to be believed, the threat to corporate security from the loss of these laptops is certainly extreme.  Various tips have been offered by several authorities to reduce this threat:  clear marking of the laptop as “property of _____,” always making sure the laptop goes through the security conveyor belt before the traveler steps through the metal locator, promptly reporting thefts, use of encryption and biometric authentication, remote destruction capabilities, phone-home features, etc.  The purpose of this entry is not review the report or the tips offered by others, but to highlight the threat in the context of the time of year – the vacation season. 

More and more employees are taking their laptops to far-flung vacation destinations to “check-in” with the office.  While certainly commendable, this presents two additional risks to corporate information.  First, the laptops are being carried, not in connection with business activities, but as part of vacation plans where the employee’s vigilance may be less than acute.  Second, the vacation destinations themselves may present a greater likelihood of theft or loss of control over the laptop.  It is one thing to control a business laptop in a room at the London Hilton, it is quite another to secure the laptop while on a biking vacation in Tuscany or while trekking in Thailand.

As never before, employees must be trained and re-trained on the necessity of controlling their laptops at all times and ensuring their security.  In my experience, the overwhelming majority of laptop losses and thefts result from employee negligence, which can generally be directly linked to a failure to adequately train.  While summer is already under way, it is not too late to remind employees about their obligations when travelling with their business laptops.  Failing to do so may make your business one of next week’s 10,000.


Michael R. Overly is a partner and intellectual property lawyer with Foley & Lardner LLP where he focuses on drafting and negotiating technology related agreements, software licenses, hardware acquisition, development, disaster recovery, outsourcing agreements, information security agreements, e-commerce agreements, and technology use policies. He counsels clients in the areas of technology acquisition, information security, electronic commerce, and on-line law.

Mr. Overly is a member of the Technology Transactions & Outsourcing and Privacy, Security & Information Management Practices. Mr. Overly is one of the few practicing lawyers who has satisfied the rigorous requirements necessary to obtain the Certified Information System Auditor (CISA), Certified Information Privacy Professional (CIPP), Certified Information Systems Security Professional (CISSP), Information Systems Security Management Professional (ISSMP), Certified Risk and Information System Controls (CRISC) and Certified Outsourcing Professional (COP) certifications.

The opinions expressed in this blog are those of Michael R. Overly and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.

More from this author