Encryption Seen as Best Security Measure to Safeguard Laptopsby
By Frank Byrt
Laptop computers are top targets for thieves, and, as many victims have found, the true cost of their loss is measured not by the price of the hardware and software, but by the proprietary information on board – a gold mine for identity thieves.
Laptop security is particularly important for accountants at tax season. The loss of a laptop containing clients' personal financial data will mean weeks of lost work and missed deadlines and, if an identity theft occurs, the ruin of a reputation and a likely lawsuit.
Whether they're misplaced or stolen, laptops go missing at an alarming rate. Absolute Software sells a range of security products, including Computrace LoJack for Laptops, which can track and lead to the recovery of lost or stolen laptops and mobile devices. According to Absolute",a laptop is stolen every fifty-three seconds."
"Laptops are like pocketknives and pet hamsters – you just cannot expect long-term relationships", Jay Heiser, a research vice president at the IT research and advisory firm Gartner Inc., told AccountingWEB. "They go missing."
According to a 2008 study done for Dell by IT security research firm Ponemon Institute, business professionals at that time were losing more than 12,000 laptops in US airports per week, or about 600,000 annually, and 70 percent were never reclaimed. Ponemon also found that 53 percent of those individuals surveyed reported carrying confidential company information on their laptops, but only 65 percent of them had taken steps to protect it.
And a laptop loss is expensive. Another study done by Ponemon for Intel in 2009 found that the average cost of a lost laptop was just under $50,000, taking all factors into consideration, with the potential occurrence of a data breach making up 80 percent of the total loss.
Brad Sargent, CPA, managing member, and forensic accountant and fraud investigator at The Sargent Consulting Groupin Mokena, Illinois, said identity theft stemming from laptop theft "has been a real major growth industry for well over a decade." It used to be about what the thief could get for selling the laptop, but not anymore. "Now, it's all about the data and information."
So the loss of a computer containing a client's personal financial information is a potentially serious legal problem for CPAs, lawyers, bankers, and other professionals. They can be held liable for a client's financial loss from identity theft because such a loss can represent a breach of fiduciary duty, Sargent said.
He suggests that professionals who have sensitive data on their laptops buy a full-disk encryption device so that if their laptops go missing, the hardware won't be accessible without the password.
Although some passwords on these types of devices can run up to twenty-six characters and need to be changed regularly",you have to weigh convenience versus security. It's a pain in the neck [to reenter the password], but it's virtually impossible to crack", Sargent said.
"And even for small practitioners, encryption programs are readily available at a relatively low cost", said Sargent. "For me, it's worth the inconvenience for the peace of mind."
Gartner's Heiser agreed. "Any organization that's worried about the leakage of confidential or private information from laptops should invest in some sort of full-drive encryption mechanism, preferably one that's centrally managed."