Laptop Security - Laptop Security Blog

Absolute Software Adds GPS Tracking

Related entries in Absolute Software, CompuTrace, Laptop Security, Laptop Tracking

Absolute Software has now added geolocation tracking to Computrace, its corporate multi-layered security solution for theft recovery, data protection, and asset tracking.

Computrace with GPS Tracking allows for IT managers to track GPS-enabled laptops to approximately 10 meters (33 feet) and to view reports using Google Maps technology. Check out the screenshot below:

Adding GPS tracking capabilities to Computrace will allow for IT managers to detect missing computers earlier. When a computer goes missing, GPS information becomes a powerful extra tool for the Absolute Software theft recovery team.

How It Works
Using the embedded GPS technology, Computrace acquires latitude and longitude location information from the laptops. Managers can view the location of all GPS-enabled laptops in their account, individually or collectively, via Absolute’s web-based IT asset management portal.

For more details, read the press release here or contact the Absolute Software sales team.

Tags: , , , , , , , , , , ,

Posted by Arieanna | August 6, 2008 | 0 Comments

Government Laptops Mostly Unencrypted

Related entries in Government Security, Laptop Security, Surveys & Reports

According to a new Information Security report [PDF] from the US Government Accountability Office (GAO), 70% of the 24 major federal agencies surveyed last summer had not yet installed encryption technologies on laptops and handheld devices.

The report, which highlights data gathered from July - September 2007, indicates a confusion about encryption requirements. At the time of the survey, all agencies had initiated efforts to deploy encryption technologies, but none had documented a plan to guide the deployment activities.

“While all agencies have initiated efforts to deploy encryption technologies, none had documented comprehensive plans to guide encryption implementation activities such as installing and configuring appropriate technologies in accordance with federal guidelines, developing and documenting policies and procedures for managing encryption technologies, and training users. As a result federal information may remain at increased risk of unauthorized disclosure, loss, and modification.”

It is likely that governments will provide security solutions such as encryption for laptops before other devices such as mobile phones or thumb drives. Agencies and businesses alike will face increasing challenges in identifying and securing the myriad of mobile devices that could potentially breach sensitive information. Even then, device encryption is only one element of a comprehensive data security policy.

And some internal news - Absolute Software was selected for the CDW Sapphire Partners Program, which offers a proactive approach to embracing breakout technologies. Read about it here. And learn more about Absolute Software’s computer security solutions for Government here.

Via pogowasright, PC world ; image: mconnors @morguefile Tags: , , , ,

Posted by Arieanna | July 31, 2008 | 0 Comments

Ministry of Defence Doubles Lost Laptop Figure

Related entries in Government Security, Laptop Security

The U.K. Ministry of Defence has revealed some startling figures about laptop loss for the last four years: 659 laptops have been reported stolen and 89 lost.

These figures contradict earlier investigations by the Ministry of Defence that put the new figures at double previous figures. Of the laptops lost since 2004, only 32 have been recovered. In addition to these lost laptops, 121 USB memory sticks have been lost or stolen since 2004, some of which held restricted / classified data. You can read more on these breaches here.

Liberal Democrat MP Sarah Teather stated to parliament that:

“It seems this government simply cannot be trusted with keeping sensitive information safe. It is frightening to think that secret MoD information can be lost or stolen.”

20,000 laptops have been recalled by the Ministry of Defence in order to be encrypted. But these figures highlight the importance of having a layered approach to computer security. Encryption alone is not enough to protect data. You need to be able to recover lost or stolen computers to make sure that information is not accessed by unauthorized users. Absolute Software can help companies / agencies like the MoD recover lost laptops - for more on how Absolute helped solve recent laptop thefts at US airports, read here.

Via intergovworld, computerweekly ; image: cohdra @ morguefile ; Tags: , , , , , ,

Posted by Arieanna | July 23, 2008 | 1 Comment

Mobile Data Management Policy

Related entries in Laptop Security, Security Policy

IT Pro put together a great feature on how to create a mobile data management policy. With the increase in smartphones into the marketplace, more employees will be looking for a way to use this convenient mobile technology for work. But that poses challenges for security that businesses must address. So, when it comes to mobile technology (from smartphones to laptops), having a security policy in place is of vital importance to data security.

Your security policy should be generic enough to be easily understood and followed by all employees. An audit of what kinds of devices are currently in use (and what information they’re accessing) is the first step to understanding what kind of security policy you need. The audit will also reveal the operating systems that your mobility security suite will need to manage. After that, you can expect your security policy to include things such as:

  • What to do if a device is lost
  • Incentives for people to report lost devices quickly
  • Which devices can connect to office equipment / data, and which cannot
  • What type of data can be accessed
  • Support VPNs for mobile devices
  • A procedure in place to wipe data off of lost devices
  • Secure disposal procedures for old devices
  • Allowance for users to register their own devices, if they are wiped when an employee leaves the company
  • What applications can and can’t be installed
  • Using strong passwords and encryption

A way that you can easily manage smartphones and follow these tips is by using Computrace Mobile. As part of the Computrace suite of products, it uses the same Computrace Agent that lets you inventory your mobile population, and it offers remote data delete capabilities. You can find out more about it here.

An effective mobile security policy will balance the benefits of productivity with costs and data security needs. You can read more great tips here.

image: dpawatts @morguefile Tags: , , , , , ,

Posted by Arieanna | June 10, 2008 | 0 Comments

10 Reasons Why Your Laptop is at Risk

Related entries in Absolute Software, Laptop Security, LoJack for Laptops

eWeek has published a slideshow of 10 Reasons Why Your Laptop is at Risk that include guidelines for preventing data loss, in every way from patching your system to common sense laptop practices.

The 10 reasons are:

  1. Hard Drives Aren’t Encrypted
  2. USB Drives Aren’t Glued Shut
  3. Work-Home Lines are Crossed
  4. End Users Aren’t Security-Aware
  5. Physical Security Isn’t Implemented
  6. The “Duh” Factor is Ignored
  7. Systems Aren’t Labeled
  8. The Eyes Don’t Have It
  9. No-Jack
  10. As the Worm Turns

The ninth item makes reference to Absolute Software’s Lojack for Laptops:

“Like Lojack for laptops, computer tracing programs can track and recover a lost or stolen laptop, and even render a laptop useless from afar.”

For more information on some of the more cryptic slide titles, check out the full slideshow here.

Tags: , ,

Posted by Arieanna | June 5, 2008 | 0 Comments

Absolute Software Webinar on June 11

Related entries in Absolute Software, Laptop Security, Security Policy

Absolute Software will be holding a 1 hour webinar on June 11th about Laptop Management and Data Breach Prevention. The webinar will present first-hand experiences of Allina Hospitals and Clinics, including a 75% recovery rate on its stolen computers. Computer Manufacturer Lenovo will also discuss best practices for managing laptops.

Learning outcomes include:

  • Gaps in current notebook security programs
  • The importance of remote data delete and theft recovery capabilities
  • Common misconceptions about encryption on laptops
  • How notebooks can be managed when off the LAN
  • How Computrace works on Lenovo notebooks

To register for the webinar, go here

Tags: , , , , , ,

Posted by Arieanna | June 5, 2008 | 0 Comments

Chris Pirillo Recommends LoJack for Laptops

Related entries in Absolute Software, Case Studies, Laptop Security, LoJack for Laptops, Video Reports

A friend of ours, Chris Pirillo, runs a live video stream fairly regularly. In a live streaming he did several months ago, he made mention of Computrace LoJack for Laptops, an Absolute Software laptop recovery service for consumers.

Posted by Arieanna | June 2, 2008 | 1 Comment

5 Data Device Security Tips for International Travel

Related entries in Business Security, Laptop Security, Privacy & Security Laws

Last month, a United States court ruled [PDF] that border agents have the right, without cause, to search your data devices as you enter the country. If your device is encrypted, you have to hand over your encryption key.

The US government has the right to download the entire content of your laptop or data device, and to keep it indefinitely. And according to security expert, Bruce Schneier, these types of searches are happening at the borders of many countries. There has been a major backlash to this from every corner, including from civil liberties groups and from the business community.

Business travelers who carry sensitive information may have to expose this information - aside from breaking confidentiality, it can also result in a data breach incident. Copied and seized data may be subject to breach notification laws, since such data has been exposed and can no longer be accounted for. If you want to take action against this violation of digital privacy, you can learn more here.

5 Data Device Security Tips for International Travel

1. Hide Your Data

Bruce Schneier is advising one solution: hide your important data in a second encryption on your drive. Programs like PGP Disk or Truecrypt will allow you to encrypt a portion of your hard drive with a strong password, and you can hide the icon for added protection. The data would be invisible upon inspection, though smart forensic software could find it. Take note that if asked by security officials if there is an encrypted partition, you are legally required to answer truthfully.

2. Limit Your Data

This is the easiest solution - if you don’t have data, it can’t be found. Delete any un-needed information (old emails, photos, confidential information) with a secure file erasure program. Delete your browser’s cookies, cache and browsing history before heading through security. Also, IT administrators using Computrace can use its Data Delete function to securely erase files. And turn your computer off before heading through. Clean out your other devices in the same way.

3. Use a VPN

Some companies are issuing laptops for travel that are “clean” of any pre-existing data. Once the traveler is at the destination, the data can be downloaded over an encrypted virtual private network. The data can be re-synced before exiting the country, and the laptop wiped clean once again.

4. Ship It

Put sensitive data onto an encrypted drive or card and let FedEx get it to your destination for you.

5. Store It Online

If you don’t have a VPN set up to download information onto a clean laptop, you can set up a similar system on your own. After deleting what information you don’t need, Chris Sogholan of CNet recommends encrypting the data and uploading it to one or two secure places on the web such as Amazon S3. Then make your laptop clean with a secure file erase.

Sources: guardian, gizmodo, eff, cnet, info week, us politics, idg
Photos: morguefile by pdell, ppdigital, somadjinn
Tags: , , , , , , , ,

Posted by Arieanna | May 16, 2008 | 2 Comments

US Department of State Missing Hundreds of Laptops

Related entries in Government Security, Laptop Security, Security Breach

I love audits, don’t you? What an eye opener they can be. Like, when an audit exposes that the U.S. Department of State has hundreds of employee laptops unaccounted for. The U.S. Department of State. No sensitive data there. Just all US foreign relations.

According to officials, as many as 400 of the unaccounted for laptops belong to the Anti-Terrorism Assistance Program, administered by the Bureau of Diplomatic Security (DS), that provides counter-terrorism training and equipment (including laptops) to foreign police, intelligence and security forces. The DS is responsible for securing the US Department of State computer networks and equipment, in addition to protecting foreign diplomats when visiting the US.

So, it would seem there is a flaw in the DS security policy regarding laptops. Currently, DS officials are going around the Washington-area offices to register employee laptops. The laptops are not officially lost until the current searches are completed.

The Inspector General’s audit is still ongoing, but it is clear from this early news that the State Department does not have good records of its inventory.

So, do you consider this to be a data breach at this stage? Or, is it a data breach only when the laptops are officially considered lost?

Via CQ Politics ; Image: click @ morguefile Tags: , , , , , , , , ,

Posted by Arieanna | May 12, 2008 | 0 Comments

Trusting Contractors with Laptops

Related entries in Absolute Software, CompuTrace, Laptop Security, Laptop Tracking, Security Policy, Theft Prevention

CSO Online’s Michael Overly has a good article about businesses trusting their sensitive information to consultants, and what best practices to follow. The first guideline: do not let your consultant store any of the information on a laptop.

There are practical considerations that make it difficult to ban the use of laptops in all situations. Consultants may need to move from site to site easily, with constant access to the data. One solution is to provide laptops to the consultant yourself - that way you can be satisfied with the security systems in place. When that is cost prohibitive, here are some suggestions offered for a laptop security policy to enforce with contractors:

  • WiFi access should be limited to approved secured means, and used only when necessary
  • Hard disk must be encrypted
  • All ports on laptops to be disabled
  • Strong authentication required (e.g. biometric)
  • Security software installed and kept up-to-date
  • Secure and irreversible erasure of data to be enforced at end of data-use period
  • Tracking software with remote data delete should be used (like Absolute Software’s Computrace products)
  • Breach notification protocols should be in place in the event that the laptop goes missing

You can read more suggestions here.

Tags: , , , , , , , ,

Posted by Arieanna | May 5, 2008 | 0 Comments
Next in category