
What to do when a laptop is lost or stolen


Kevin Beaver

So, Murphy's Law has struck -- an employee finally lost a laptop. It's been on your mind for a while, given the facts and the ease of breaking in and uncovering sensitive unstructured information. You've been dreading it but figured it wouldn't happen to one of your employees. After all, it's corporate policy not to store sensitive information anywhere but on a select few servers.

This is a predictable enterprise scenario I come across quite often. In fact, the formula is almost always the same: criminal mind + trusting users to do the right thing + minimal endpoint security = exposure of sensitive information. When a laptop is lost, there's a lot to be done in a short time, and it's best to err on the side of caution even if you believe nothing sensitive was stored on it.

What to do
Instead of pointing fingers and placing blame, concentrate on the steps that keep you focused on the business task at hand. Listed below are a few key steps to take if someone in your organization loses a laptop or has it stolen. These measures will help you respond rather than react and will get you back on the road to recovery, minimizing any future worries.

  1. Contact the local law enforcement agency where the property is thought to have been lost or stolen.
  2. Notify your compliance officer, marketing and PR managers, legal counsel, and any others with a vested interest so they can prepare to respond in their areas of responsibility, such as media inquiries and customer notification.
  3. Look at any recent backups of the system you may have in order to determine what is likely to have been on the machine when it was lost or stolen.
  4. Change any WEP or WPA/WPA2 pre-shared keys on your wireless network to keep the person who recovered it from accessing your network.
  5. Change the user's network, email, Web, database, or other application passwords to prevent any unauthorized system use and abuse.
  6. Change any other user or administrator passwords that may have been present on the operating system or related applications in case that information is recovered.
  7. Hope and pray for the best! It could very well be that the system wasn't fully breached, was reformatted and sold for cash, or may soon be returned.

Doing the right things
Once you get back on track after responding to the breach, it may be time to step back and assess how security breaches and overall information risk are managed in your organization. The most important thing to do is to see where you're vulnerable. Look at a sampling of laptops to see just how susceptible they are to information breach if they're lost or stolen. Pretend you're a bad guy who just came across a laptop. What can be done with the information stored on it, including word processor and spreadsheet files stored in the Windows Documents and Settings folder, any temporary directories, or even the desktop?
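As an added example (not from the original article), here is one way to script the backup review in step 3 and the laptop sampling described above: walk a restored copy of a user profile and list the document files by where they sit. The extension list, the location labels and the sample files are assumptions constructed for illustration.

```python
import tempfile
from collections import Counter
from pathlib import Path

# File types treated as user documents (assumed list; extend for your environment).
DOC_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".csv", ".pdf", ".ppt", ".pptx", ".txt", ".mdb", ".pst"}
# Locations the article names, matched against lowercase path components.
HOT_DIRS = {"desktop": "desktop", "my documents": "documents", "documents": "documents",
            "temp": "temp", "tmp": "temp"}

def classify(rel_parts):
    """Return the first article-named location found in the path, else 'other'."""
    for part in rel_parts[:-1]:
        label = HOT_DIRS.get(part.lower())
        if label:
            return label
    return "other"

def inventory(profile_root):
    """Walk a restored user profile and list document files with their location."""
    root = Path(profile_root)
    rows = []
    for path in root.rglob("*"):
        if path.is_file() and path.suffix.lower() in DOC_EXTS:
            rel = path.relative_to(root)
            rows.append({"file": rel.as_posix(), "where": classify(rel.parts),
                         "bytes": path.stat().st_size})
    return sorted(rows, key=lambda r: r["file"])

def summarize(rows):
    """Count document files per location for the incident report."""
    return dict(Counter(r["where"] for r in rows))

def build_sample(root):
    """Constructed sample profile (not real data) so the example runs offline."""
    files = {"Desktop/Q3 payroll.xls": b"x" * 2048,
             "My Documents/customers.doc": b"y" * 512,
             "Local Settings/Temp/~export.csv": b"z" * 100,
             "Application Data/app.ini": b"[cfg]",
             "Favorites/notes.txt": b"n"}
    for rel, data in files.items():
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for row in inventory(tmp):
            print(f"{row['where']:<10}{row['bytes']:>8}  {row['file']}")
```

Point `inventory()` at the directory where the most recent backup of the lost machine's profile was restored; files in the "other" bucket show data kept outside the locations users are expected to use.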

Furthermore, try to uncover passwords in areas that many people don't think about -- Windows .pwl files, protected storage elements, VPN client software, and more. I recommend Elcomsoft's Proactive System Password Recovery tool. Many people don't realize that all this information is stored and readily accessible once someone has their laptop.

Next, you need to update your existing security incident response plan or create a new one. Such a plan consists of the who, what, when, where and how steps outlining how breaches are handled. A solid incident response plan will have the following sections:

  • Introduction
  • Preparation
  • Detection
  • Containment
  • Investigation
  • Eradication
  • Recovery
  • Follow-up
  • Team member contact information
  • Testing procedures
  • Record keeping
  • Revisions

For more information on developing a solid incident response plan, check out my previous tip on the subject, as well as NIST's guide.

Finally, look into laptop security controls -- whole disk encryption and more -- which I outline here and which can help enforce your policies, support your incident response plan, and manage information risks.

Looking ahead, remember that the problem of losing a mobile device that leads to information exposure is not limited to laptops. It also applies to smartphones, PDAs, and any other electronic device that stores even the least bit of enterprise information that can be easily recovered. Without a plan, suitable technical controls, and mobile device oversight, the lost laptop dilemma will continue to haunt you and your organization. Who has time – or the nerve – to deal with that?

About the author: Kevin Beaver is an independent information security consultant and expert witness with Atlanta-based Principle Logic, LLC. He has more than 18 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has written six books, including Hacking For Dummies (Wiley), Hacking Wireless Networks For Dummies, and The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at kbeaver@principlelogic.com.

All Rights Reserved, Copyright 2003 - 2010, TechTarget