Let’s start with a small story. On February 23, Andrew Arai, a laboratory chief of the National Institute of Health in Washington DC, was taking his daughter to a swim meet, when his laptop was stolen from his car trunk. He reported the incident to NIH and they called it a random theft. And now comes the catch. The laptop contained clinical research data of 2500 medical volunteers, including very personal information like their names, ages, medical histories and heart scan reports. This created a furor in the medical world. A very similar incident followed. Six laptops, containing personal information about 20,000 NHS patients, were stolen from St George’s Hospital in Tooting, London.
Organizations today are spending billions of dollars (yes, you read it right, billions of dollars!) on digital security technologies like firewalls, intrusion detection systems and secure transports. But ironically, most of the time digital information is lost through physical theft! And laptop theft ranks highest on the list.
Take this. One in every 10 laptops is stolen. And 97% of them are never recovered. You may not even know if your data goes to the hackers. Notification is not mandatory under most countries' rules. An extreme solution is to prevent laptop use, or to prevent confidential data from reaching laptops, but these are nearly un-implementable in this day and age. What is required is a mechanism by which the data inside the laptop can be protected.
The obvious solution is to encrypt the contents of the laptop itself and store the “key” separately. The “key” can be in the form of a username / password, a physical smart card or a network-based repository. This prevents the stolen laptop's contents from being read in case of a theft. The challenge then shifts to:
1. Efficient "key" management: This depends on the nature of the key itself, i.e. if the key is a biometric identifier then there is no management required (unless someone loses a finger!) but it has significant overheads when it comes to employee attrition.
2. Ensuring that confidential data on laptops is always protected: This is a big challenge, as it almost always means that the enterprise must have physical control of the laptop before the theft, which is very difficult to implement. Besides employees' laptops, an organization's confidential data regularly gets into laptops owned by consultants, partners and even regulatory agencies ... how does one secure that data?
IRM (Information Rights Management) systems like Seclore FileSecure control the usage of information itself, irrespective of its location. In such a case, information usage can be locked to specific people, specific actions (whether the user can view it, print it, forward it etc.), specific times and specific locations (networks, computers etc.). This means that as soon as a laptop theft is reported, all confidential information on the laptop can be blocked from use centrally. It also means that the same information cannot be used from another computer, since the information itself is protected and is not reliant on its physical location.
Towards the end, we’ve got a story too. A laptop that belonged to an Ernst & Young employee was stolen from a vehicle. It made personal information of 243,000 Hotels.com customers open to the hackers!! While computing the monetary loss associated with this theft is an exercise on its own ... a simpler exercise would be to make sure that information going on laptops is protected by a system like Seclore FileSecure.
A world of free and fearless data exchange awaits us.