Encryption Seen as Best Security Measure to Safeguard Laptops
by Terri Eyden on
By Frank Byrt
Laptop computers are top targets for thieves, and, as many victims have found, the true cost of their loss is measured not by the price of the hardware and software, but by the proprietary information on board – a gold mine for identity thieves.
Laptop security is particularly important for accountants at tax season. The loss of a laptop containing clients' personal financial data will mean weeks of lost work and missed deadlines and, if an identity theft occurs, the ruin of a reputation and a likely lawsuit.
Whether they're misplaced or stolen, laptops go missing at an alarming rate. Absolute Software sells a range of security products, including Computrace LoJack for Laptops, which can track and lead to the recovery of lost or stolen laptops and mobile devices. According to Absolute, "a laptop is stolen every fifty-three seconds."
"Laptops are like pocketknives and pet hamsters – you just cannot expect long-term relationships," Jay Heiser, a research vice president at the IT research and advisory firm Gartner Inc., told AccountingWEB. "They go missing."
Protect Yourself from Laptop Theft
Following are tips from the Metropolitan Police Department of Washington, DC, for preventing laptop theft:
- Don't leave a laptop in an unlocked vehicle, even if the vehicle is in your driveway or garage. Never leave it in plain sight, even if the vehicle is locked. Cover up the laptop or put it in the trunk. Public parking garages are likely areas for theft.
- Carry your laptop in a nondescript carrying case, briefcase, or bag when moving about. Putting it in a case designed for computers is an immediate alert to thieves that you have a laptop.
- Don't leave a meeting or conference room without your laptop. Take it with you, or you run the risk that it won't be there when you return.
- Lock the laptop in your office during off-hours; better yet, keep it in a locked closet or cabinet. If a closet/cabinet isn't available, use a cable lock that wraps around a desk or chair leg.
- Don't let unaccompanied strangers wander around your workplace.
- Apply distinctive paint markings to make your laptop unique and easily identifiable.
- Never check your laptop as luggage at the airport. Keep an eye on your laptop while going through security checks.
- Don't leave your bag unattended. Many thefts occur in coffee shops, on buses and trains, or in airports.
According to a 2008 study done for Dell by IT security research firm Ponemon Institute, business professionals at that time were losing more than 12,000 laptops in US airports per week, or about 600,000 annually, and 70 percent were never reclaimed. Ponemon also found that 53 percent of those individuals surveyed reported carrying confidential company information on their laptops, but only 65 percent of them had taken steps to protect it.
And a laptop loss is expensive. Another study done by Ponemon for Intel in 2009 found that the average cost of a lost laptop was just under $50,000, taking all factors into consideration, with the potential occurrence of a data breach making up 80 percent of the total loss.
Brad Sargent, CPA, managing member, and forensic accountant and fraud investigator at The Sargent Consulting Group in Mokena, Illinois, said identity theft stemming from laptop theft "has been a real major growth industry for well over a decade." It used to be about what the thief could get for selling the laptop, but not anymore. "Now, it's all about the data and information."
So the loss of a computer containing a client's personal financial information is a potentially serious legal problem for CPAs, lawyers, bankers, and other professionals. They can be held liable for a client's financial loss from identity theft because such a loss can represent a breach of fiduciary duty, Sargent said.
He suggests that professionals who have sensitive data on their laptops buy a full-disk encryption device so that if their laptops go missing, the hardware won't be accessible without the password.
Although some passwords on these types of devices can run up to twenty-six characters and need to be changed regularly, "you have to weigh convenience versus security. It's a pain in the neck [to reenter the password], but it's virtually impossible to crack," Sargent said.
"And even for small practitioners, encryption programs are readily available at a relatively low cost," said Sargent. "For me, it's worth the inconvenience for the peace of mind."
Gartner's Heiser agreed. "Any organization that's worried about the leakage of confidential or private information from laptops should invest in some sort of full-drive encryption mechanism, preferably one that's centrally managed."