Improving Notebook Data Security

In April 2011, the Ponemon Institute released a benchmark study of European organizations focused on what it calls the "billion euro lost laptop problem." According to the study, lost or stolen laptops in Europe is a huge problem with over 72,000 laptops reported missing or stolen over a 12-month period by organizations participating in the Ponemon study. That figure translates into an average of 265 unaccounted for laptops per organization. Why describe this notebook data security problem as a "billion euro" problem? The value of these losses is staggering with an average cost of €4.7 million per organization and €1.29 billion across the EU.
 
The study reveals that just 13 percent of the lost laptops went missing in the workplace with the remainder being lost or stolen off-site (42 percent) or while in transit (32 percent). Of the 265 missing laptops per organization, just 12 laptops on average are ever recovered.
 
Not only is this a billion euro problem in terms of lost hardware, it's a huge concern from a computer and network security standpoint. After all, corporate laptops likely hold their fair share of corporate secrets. The Ponemon study also found that industries most affected by missing laptops include education and research, health and pharmaceuticals, and the public sector.
 
Imagine a pharmaceutical company laptop loaded with intellectual property such as top secret drug formulas falling into a competitor's hands. What about a healthcare provider's laptop loaded with sensitive patient records falling into an identity thief's hands?
 
Companies throughout Europe can improve their notebook data security in several ways:
· Laptop Policy and Security Awareness Training
· Secure Cloud Storage
· Data Encryption
 
With over 70 percent of losses occurring off-site, the first step to minimize loss would be to limit the number of laptops taken offsite and equip users with specific security awareness skills. This means drafting a laptop policy that addresses who may take laptops off-site and under what circumstances. The policy should also specify how and where laptops should be secured while off-site. These steps should extend to mobile devices such as tablets, smartphones, and USB flash drives.
 
Another step would be to use secure cloud storage to store data rather than the laptop's hard disk. However, if the laptop is set up to remember passwords, data stored in the "cloud" could be at risk. Users often bypass clumsy controls out of frustration so be aware of the potential for this. Should a laptop go missing, you could disable that particular device's (or its user's) permission to access the cloud storage account.
 
Equipping laptops with encrypted hard disks is one of the best notebook data security options available. Encrypted hard disks are completely unreadable to anyone other than the person with the "keys" (usually a strong password) to the hard disk. If a laptop is lost or stolen, the data residing on it is locked and inaccessible.
 
Laptop computer and network security is as important off-site as it is on-site. Create a notebook data security policy, limit the number of laptops that leave the building, provide your team with security awareness training, store data in a secure cloud, and equip your laptop computers with encrypted hard disks.

Daniel is the author of this article on improving notebook data security to help his readers with this process. Using resources he compiled from WinMagic an encryption software company and an article on examiner he was able to put this informative article on improving notebook data security.