Technology for dealing with lost laptops

gallery

Keep data off portable devices

First then, is to ensure data is not actually kept on portable devices. While mobile working is making this increasingly common, much data does need not be taken out of the office, experts have said.

"People need to make a decision whether they need laptops," said Richard Farnworth, general manager of enterprise solutions for NEC, adding that technology such as virtualisation can help keep centralised data in its right place, while still allowing mobile access.

He recommended the use of disc-less laptops, where no information is held, but access to centralised data is through wireless connections over a VPN. "The key thing is, if lost it has nothing," Farnworth said. "It has the ability to connect to the office, but if you lose it, it really doesn't matter."

While he said some people will still need full-spec laptops, as they run more heavy-weight applications, sensitive data can still be left at the office. As MPs asked Browne in parliament after news of the MoD breach broke, why did recruitment staff need to have lists of national insurance numbers?

Quocirca's Longbottom explained: "On remote devices where there has to be some data (e.g. salespeople, field service), the company has to ensure that only the information critical to the person's job is there - everything extraneous should not be there. For example, it is unlikely that the Navy employee needed all the NI numbers or bank details of the people he was carrying information on - it was more probable that he needed addresses and more qualitative data, such as the CVs. If only this had been nicked, it would be far less of a problem."

Encrypt everything, all the time

For the data that is left on laptops, security policies need to be backed up with some solid technology: encryption - the very thing the Information Commissioner told M&S to do to all its laptops this week.

"The simplest way is to encrypt the entire disc," said Workshare's Fantuzzi. "If you use full disc encryption (FDE) they can only wipe the drive clean. You're going to lose your laptop, but they're not going to get your data."

As a stop-gap measure following the MoD debacle, the cabinet secretary has banned any laptops from leaving government offices without first being encrypted - but such a policy was already flouted in the case of these missing MoD laptops.

So what can organisations do to prevent their own workers from being the weak link in a chain? Nick Lowe, regional director for Northern Europe at security firm Check Point, said that companies must automate the security, taking it out of the hands of their employees.

"The big security issue with laptops is to have full-disk encryption (FDE) across the laptop fleet. FDE automates the encryption process and secures the entire disk, so mobile users don't have to worry about security - and can't interfere with it," he said.

Spencer Parker from ScanSafe agreed, saying users can not be given a choice with security, as they'll make the wrong choice. "The key thing, to ever get a policy to work convincingly, is you've got to have zero end-user input... they can't ever be offered a choice," he said. "The moment you give them an opt-out, they will... you're never going to stop an end-user being stupid."

Email to a friend

Print this page