Those are real issues happening to real people and the problem can be avoided if you -- and your management -- do the right things. Here are some final takeaways to keep your laptops and other stolen computers safe:
- Look at your laptop vulnerabilities from a malicious-eye view and revisit this issue often.
- Educate your users -- over and over again until it's ingrained in their minds -- that thoughts like "I'm just going to run into the grocery store real quick -- the laptop will be OK in the car" and "I just need to step into the restroom real fast -- others in the coffee shop will lookout for my stuff" are very dangerous and can end up getting a lot of people in trouble.
- Ensure screens are getting locked via CTRL-ALT-DEL or a short screensaver timeout.
- Configure Windows to require passwords to be entered upon return from hibernate, suspend or a screensaver time out.
- Most importantly, use whole disk encryption with strong passphrases.
There's always the chance that your stolen systems will be sold, new software will be reloaded, and nothing bad will ever come of it. However, you've got to look at the worst-case scenario. Given that so much information is being stored in so many different places, without whole disk encryption in place combined with sensible password and screen-locking technologies, there's not really any way to be sure everything's protected at all times. That's a risk no savvy business person should ever be willing to take.
Step 1: How it can happen
Step 2: How to crack a laptop
Step 3: How to secure a laptop
Step 4: Laptop security summation
About the author: Kevin Beaver, CISSP, is an independent information security consultant, author and speaker with Atlanta-based Principle Logic LLC. He has more than 18 years of experience in IT and specializes in performing information security assessments. Beaver has written five books including Hacking For Dummies (Wiley), Hacking Wireless Networks For Dummies, (Wiley) and The Practical Guide to HIPAA Privacy and Security Compliance(Auerbach). He can be reached at firstname.lastname@example.org.