|
The most important (and most
vulnerable) asset in any organization today is the proprietary
information created on personal computers. Recent events have
shown that inadequate data security procedures are resulting
in significant financial losses due to computer crime.
 |
According
to the computer-insurance firm Safeware, some 620,000
laptops were stolen in 2002, at a total cost of more
than $800 million for the hardware alone. |
 |
|
More laptops were sold this
year than desktop PCs. Unlike desktops, laptops are extremely
vulnerable to theft. At several thousand dollars each, notebook
and laptop PCs are attractive targets for theft and are stolen
every day from planes, trains, automobiles and other locations.
Laptop theft has quietly become an international epidemic. By
some estimates, many companies lose five percent of their laptops
each year to thieves. According to the computer-insurance firm
Safeware, some 620,000 laptops were stolen in 2002, at a total
cost of more than $800 million for the hardware alone.
Laptops
are being stolen from some of the most influential government
and business figures in the world today. In September 2000,
Irwin Jacobs, the billionaire chairman of Qualcomm, had his laptop
stolen at a conference at the Hyatt Regency in Irvine, California.
In January 2000, a laptop reportedly used to log incidents
of covert nuclear proliferation disappeared from a sixth-floor
room in the headquarters of the U.S. State Department. Two months
later, British papers carried an account of an MI5 agent putting
his machine down at London's Paddington Station only to have
it snatched from between his legs. In December 1999, someone
stole a laptop from the car of Bono, lead singer for the band
U2; it contained months of crucial work on song lyrics.
In all
cases, the replacement cost of the hardware or software stolen
was far less significant than the value of the information
lost.
According to a study by the
American Society of Industrial Security and PriceWaterhouseCoopers,
data theft by all means cost Fortune 1000 companies more than
$45 billion in 1999. Other estimates are considerably higher.
James Atkinson, president of Granite Island Group, a security
consulting firm, calls theft of corporate secrets "a
national problem". A not-insignificant portion
of the loss is due to laptop theft.
 Back
to Top
To protect their data, users
often rely upon a password: without typing it in, the laptop
will not run. What most people do not know is that this kind
of "protection" represents
no more than a momentary obstacle; it is similar to the flimsy
locks found on suitcases. A thief interested in the data on
the laptop he has stolen can gain unrestricted access using an
ordinary screwdriver within five minutes.
A laptop's password
is usually stored on a chip known as the BIOS. The protection
is therefore only in force on that particular PC. To access
the data, the thief simply removes the hard disk drive and installs
it into another PC. To access the data without removing the
hard drive, the thief needs to "zero out" the
password setting - essentially tricking the laptop
into believing that it is a new, unused machine. Upon powering on,
the PC will subsequently no longer request a password because
it believes that none has ever been set. Resetting the password
can therefore be accomplished by resetting the instructions in the
BIOS. While methods vary from PC to PC, the most common approaches
are:
- Removing, then replacing the
lithium battery from the motherboard;
- Setting the motherboard's
internal reset jumper for clearing all BIOS presets; and
- "Flashing" the
BIOS with new programming.
Instructions are fully documented
by every PC manufacturer and provided freely to service technicians.
Back
to Top
Network
firewalls only provide protection against outside intrusion
via the Internet. Firewalls are not designed to protect laptop
PCs. Laptops are physically mobile and regularly
travel outside the protection of the network
firewall. Because laptops are easily stolen,
their data therefore remains entirely at
risk.
Back
to Top
Laptops
are highly vulnerable targets for industrial espionage attacks.
the only viable means of protection is encryption: laptop theft
wouldn't matter as much if companies and executives routinely
encrypted their data. But they don't, according to Richard
Power of the Computer Security Institute. "Everyone should
be using encryption," Power says. "But
there's not enough blood in the
water yet for people to take guarding their
data seriously." Unfortunately,
most people view security as a
nuisance - something that makes
it harder for them to do what they
want. This is because current encryption
software products are too hard
to use effectively and consistently.
Back
to Top
OfficeLock
is the only encryption software which provides truly automatic
data security protection. Once installed,
it encrypts files when they're closed
and decrypts them again when they're
opened. Users never need to remember
to follow security procedures - OfficeLock
remembers for them. OfficeLock protection
follows files regardless of their
location. It automatically protects files
wherever they are: on laptop and desktop
PCs, on networks, and on the Internet. It
does this without the user ever having to
think about it.
Back
to Top |
