Archive for the ‘Laptop Security’ Category

The number of users affected by identity theft through malware has jumped by 600% in comparison with the data from this time last year.   The increase could be the result of the current economic crisis with so many people being affected by the crunch.

The numbers are staggering.  Every day, PandaLabs gets almost 37,000 samples of various types of internet threats and a whopping 71% are Trojans designed to steal banking and credit card information as well as passwords for commercial services.  An estimated three percent of users have been victimized by these silent threats since they normally don’t have any idea they’ve been affected until it’s too late.

There are some steps that users can take to protect themselves:

1. Be wary of any requests for personal data since most banks, payment services (i.e. Paypal) or social networks would never ask for that type of information in an informal way.  Never respond to requests for login information, for example, if they came in the form of an email or text message.

2. Avoid looking up your bank or online store websites through a search engine.   Type the address directly into your browser and double check that it is correct before hitting “enter.” 

3. Verify that the page has valid security certificates which are typically easy to identify by a “locked padlock” icon somewhere in the browser.  Banking websites might have the padlock image right beneath the login fields (see image below at left) whereas the little symbol appears at the end of the address bar in Internet Explorer (image at right). 

Sites like Paypal might also have the padlock above the login fields but you can also look for Verisign Identity Protection icon at the bottom of web pages.

4. Arm your computer with up-to-date security solutions such as Computrace LoJack for laptops.

5. Trust your instincts.  If something looks suspicious, contact the site’s customer service line.  Never enter your personal information if you think something looks wrong.

6. Look into getting identity theft insurance if you regularly shop or bank online.  This will provide coverage if you become the victim of identity fraud.

The NY Times had put a great article this week entitled "On the Trail of the Missing Gadget." Of course, Absolute Software’s Computrace / LoJack products fall into this category of "missing gadgetry retrieval", so to speak. The article does a great job of generalizing how these technologies and services work, and how absolutely easy it is for the end user. The software just sits there until you need it – then we do all the work to help retrieve your missing gadget if it does go missing! Simple!

With the case of more advanced technology, like we employ at Absolute, the recovery is aided by services such as GPS, keystroke captures, or by internet connections to gather evidence and help determine where the lost device is being used. At Absolute, our recovery team also continues the process until the point when the device is recovered. This is by far the safest route, as you, the customer, never come in contact with the criminals. This also enables law enforcement agencies to prosecute those responsible for thefts.

John Livingston, CEO of Absolute, explains why:

"We will purposefully never reveal a location to a consumer customer. We won’t do it. Once you declare that it’s lost or stolen, we take control over the location at that point. We purposely keep some safe distance between the end user and the thief."

Absolute employs a team of 40 investigators with experience in law enforcement. This team then works closely with local law enforcement agencies to recover stolen devices. If you have sensitive data on your device, you have the option to trigger a remote delete of that data. We’re also working on a way to permanently disable the computers, which will hopefully be another deterrent to theft.

You can learn more about the Absolute recovery process here.

According to the 2009 Annual Study on Enterprise Encryption Trends, completed by Ponemon Institute and sponsored by PGP, indicates that while encryption strategies have become more consistent, data breaches continue to be an issue. In addition, the data indicates that mobile security is becoming more of an issue, with 51% of respondents indicating a complete lack of encryption on mobile devices (smartphones, PDAs).

This is the 4th annual study on enterprise encryption, basing the data this year on 997 IT and security practitioners in the US (a UK study is also available). The study looks at trends in encryption use, planning strategies, budgeting, and deployment methodologies in enterprise IT.

Highlights from the study:

• 78% of organizations have an encryption strategy in place (74% in 2008)
• 85% experienced at least one data breach in the last 12 months (84% in 2008)
• 22% experienced >5 data breaches in the last 12 months (13% in 2008)
• 58% say data protection is a very important part of overall risk management
• 59% say encryption of data on mobile devices is very important or important
• 26% indicate they encrypt their smartphone or PDA ‘most of the time’
• 51% have no encryption in place for the smartphone or PDA

I was surprised that the repeat data breach figures had gone up so dramatically, showing perhaps that data breaches are becoming chronic issues in some companies. This could indicate a lack of proactive security planning and risk assessment.

The study does indicate that companies are seeking out encryption solutions to preserve brand and reputation, in addition to mitigating breaches and meeting compliance regulations. This shows, perhaps, that companies are ready to take a more pro-active approach to security planning. Remember, too, that encryption is only a part of the solution to pro-active security planning. Absolute Software can help with other pieces of that puzzle, providing IT Asset Management & Theft Recovery for laptops and mobile devices.

Download the report, for the UK or the US, here.

Via SC Magazine

Absolute Software recently attended the Infosec conference, and Bill Pound, VP international corporate development at Absolute, has an article out this week in ComputerWeekly about beating the airport data theft threat. Whether you’re a regular business traveler or gearing up for that big summer trip, Bill offers some great tips to keep in mind.

Airports are a prime location for the loss or theft of laptops; London’s Heathrow airport has up to 900 devices going missing per week, for example. Though some of these laptops may be password-protected or encrypted, data security concerns still exist. And with good reason – the data could be worth far more than the lost device.

Bill offers several pieces of advice, from laptop tracking software such as Computrace to beefing up security policies so that employees understand how to protect their devices against loss or theft. Basic airport security precautions include: not checking your laptop as luggage, using an inconspicuous bag, always watching your bag, adding identification to your bag, and being extra wary when going through security checkpoints. You can read more here.

Some other great reading for you:

• PCI DSS compliance: You can’t just check the boxes
• Survey: 37% of employees would become insiders given the right incentive
• Nine steps to halt data breaches

Image: clipart

Who Breached: Oklahoma Department of Human Services
Number Affected: 1 Million+
Information breached: Social Security Numbers
How: laptop stolen from car

It’s been a while since I’ve done a major highlight of any recent data breaches. They keep happening, to be sure, but the details often start to look the same. However, this one caught my eye from it’s magnitude. The Oklahoma Department of Human Services (OKDHS) is notifying more than 1 million residents of the state that their data has been breached as the result of a stolen, unencrypted, laptop.

According to their press release, a password-protected OKDHS laptop was stolen from an employee vehicle (a far too common theft location). The laptop contained names, Social Security Numbers, dates of birth and home addresses for clients who received Medicaid, Child Care assistance, and other program assistance. The laptop was stolen on April 3rd with a press release going out from OKDHS on April 23rd. Letters to affected clients started to go out in the same week.

OKDHS Director Howard H. Hendrick believes the “risk of the data being accessed is low because the computer uses a password protected system,” which is only a very minor security protocol. There’s no guarantee the password was strong and, even with strong password-protection, systems with no additional security precautions pose a high risk for being easily accessed. It is believed that the employee was not violating any policy in place, indicating that the current information security policy does not deal with taking data home or with proper data asset handling.

According to the Security Incident FAQ, OKDHS believes they have “numerous security measures” in place already to ensure client data is safeguarded, but plan to review all policy, procedures and training methods. Let’s hope this sheds some light through the entire organization about how much more can – and should – be done to protect sensitive information.

You can help prevent data breaches such as these, or recover from them more easily, with strong computer security policies, enforcement and training and software such as Computrace from Absolute, which offers many layers of security protection.

Via SC Magazine

Absolute Software made two big announcements recently about it’s leading laptop security software platform, Computrace.

New Computrace Plug-In for McAfee ePolicy Orchestrator

Not only is LoJack for Laptops (Computrace for consumers) now available in the McAfee online store, but Computrace customers can now view asset tracking and security information within the McAfee ePolicy Orchestrator (ePO)!

This new plug-in allows IT administrators to use the ePO software to deploy Computrace to ePO managed assets, to view reports from one central place (vs two dashboards), and to set up summary reports on computers & mobile assets with Computrace installed.

The Absolute Customer Center will continue to offer additional ways to manage your Computrace-protected assets, including geolocation tracking, recovery of missing assets, and performance of remote data deletes. Learn more about this news here.

Computrace for Netbooks Now Abailable

Computrace for Netbooks was launched last week, extending our award-winning laptop security platform to a whole series of ultra-portable computers that are popular with schools, healthcare organizations and corporations.

“Computer populations now include desktops, laptops, smartphones, tablets and now netbooks – often of different ages from a variety of manufacturers. Our goal is to provide visibility and security regardless of form factor and computer brand.” – John Livingston, Chairman and CEO of Absolute

Computrace for Netbooks is available for both PC and Mac operating systems. Learn more about this news here.

The Ponemon Institute, along with Intel, have released the results of a new study about the Cost of a Lost Laptop. The study concluded that the average cost of a lost laptop was nearly $50k, in both tangible and intangible costs.

The study was prompted by an increasingly mobile workforce carrying around more sensitive data on their laptops than ever before. The study focuses on samples of organizations in the US that have experienced laptop loss or theft within the last 12-month period. The 138 cases involved loss by employees, temporary employees and contractors.

Key Highlights from the Study:

• The average value of a lost laptop is $49,246 (replacement cost, detection, forensics, data breach, lost intellectual property costs, lost productivity and legal, consulting and regulatory expenses)
  • The occurrence of a data breach represents 80% of the cost associated with a lost laptop
  • Of the remaining 20% of cost, 59% of that can be attributed to intellectual property loss
• The faster a company realizes of a loss, the lower the average cost associated.
  • If a loss is discovered in the same day, the average cost is $8,950
  • If a loss takes more than 1 week to discover, the average cost rises to $115,849
• Director laptop losses are most costly
  • The average cost of a lost laptop for a senior executive is $28,449, with the highest costs for manager ($60,781) and director ($61,040)
• Encryption saves money, with an average savings of $20,000 for lost laptops with encryption vs those without – but that’s less than half the savings than if you discovered that the laptop went missing the first day it happened
• The cost of a lost laptop varies by industry. The average full cost of a lost laptop is highest for services industry ($112,853) and lowest in manufacturing ($2,184)
•  The average data breach cost of a lost laptop varies by industry. The highest average data breach cost is in the services industry ($108,699) followed by financial services, healthcare and pharmaceutical. The other industires were far less.

What the highlights demonstrate is the high cost associated with lost laptops, but also the possibilities for minimizing the damage if companies can identify when laptops are missing quickly. With software such as Computrace by Absolute Software, you can inventory all your mobile computers and devices, know when one is missing and when its stolen get the Absolute Recovery Team to help find it. You can also do a remote data wipe to ensure your lost data does not fall into the wrong hands. And Computrace with Intel Anti-Theft Technology can lock the computer so it can’t even be booted-up. It can easily help reduce the costs of a lost laptop.

Download the White Paper here [PDF]

Also check out Absolute Software’s recent study with the Ponemon Institute: The Human Factor in Laptop Encryption.

Absolute Software recently announced that Getac computers now support Computrace at the firmware level.

The Getac Rugged Notebook (model A790) and Rugged Tablet (V100) are the latest laptops with embedded Computrace support. The B300, E100, M230 & P470 models will be phased in over the coming months, making it so all Getac rugged laptop and tablet computers will feature Computrace.

The Computrace BIOS support module is shipped disabled and turned off from the manufacturer. Once the customer installs the Computrace Agent, pays for the Absolute Tracking and Recovery service and activates the Computrace BIOS support module, then the extra level of security and firmware persistence will be activated.

Embedding support for the Computrace Agent into the BIOS provides customers the highest level of persistence and allows the Computrace agent to survive operating system re-installations, hard drive reformats and even hard drive replacements. Getac president, Jim Rimay, says:

“Having Computrace embedded in the firmware of our computers gives our customers the additional security and satisfaction of knowing they can track and manage computers as well as delete sensitive data even if the hard drive is replaced or reformatted. Absolute’s services are an ideal complement to our world-class rugged notebook computers and tablets.”

For a full list of firmware-supported computers (from Dell to Fujitsu to Toshiba and more), see here.

Also check out Daily DIY’s “Top 10 Ways to Lock Down Your Data“, which encapsulates many of the tips we’ve talked about here on the blog before. The list includes tips such as encryption, using KeePass for password security, using smarter security questions and protecting your laptop (something we can help with).

Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, a private company specializing in security research, sat down with Digital Nomads to talk about laptop security.

The interview references a Dell / Ponemon study in 2008 that indicated that 12,000 laptops per week were lost by business travelers each week in US airports.

Dr. Ponemon talks to the human element to information security – the reality that though technology is there to solve information security issues, there is a rogue element in the people who use the technology. Using the 80/20 rule, the 20% of information security that “people” are responsible for can cause 80% of the damage. Dr. Ponemon reminds organizations that they need to keep up their training and awareness campaigns in order to ensure that negligent employees know more about the consequences of their actions.

The video is very interesting, talking about mobile security, managing user-downloaded software, and creating practical solutions for people to keep using their mobile devices in a secure and useful way. The video also talks about the differences between large and small companies for information security, about keeping ahead of security issues, being mindful of risk and more.

And don’t forget to check out the Absolute and Ponemon Study on the Human Factor in Laptop Encryption.

SBTV recently aired a segment about Absolute Software’s consumer laptop security suite, LoJack for Laptops. The video was made at CES 2009. The host, Mario Armstrong, describes how LoJack works and how important it is to think about protecting your technology devices.

Armstrong also points his viewers to Absolute’s Computrace product for corporate customers looking for even more laptop security solutions.