Laptop Security for Accounting Professionals

Sift Media
Share this content

Laptop theft appears to be a cottage industry in the US. Consider these facts:

• According to Safeware Insurance Agency, more than 750,000 laptops are stolen every year. This translates into more than 1 billion dollars in lost property and according to the study more than $5 billion loss of proprietary information.

• According to the FBI, a whopping 97% to 98% of stolen computers never return to their rightful owner.

• From 2005 to 2006 there was an 81% increase in the number of companies reporting stolen laptops containing sensitive information (2006 Annual Study: The Cost of Data Breach. Ponemon Institute, LLC, 2007).

• The average business loses about 5% of its laptop inventory to theft. Top law enforcement agencies aren't even immune. The FBI reportedly experiences three to four laptop thefts a month.

• More than half of the stolen laptops are stolen out of offices so almost nobody is really immune to the risk of having their laptop disappear. 90% of laptop theft is committed by insiders.

Clearly people with confidential information on their laptops need to take measures to make sure that the thieves will not be able to access this confidential information. Regulations like Gramm-Leach-Bliley, HIPAA, Canada’s PIPEDA, the EU Data Directive, Sarbanes-Oxley, and state security breach notification laws can impose criminal penalties for those compromise other’s confidential information. Whole disk encryption is certainly a solution people with confidential information on their laptop should consider. This is clearly an important issue but not the subject of day’s post.

Today’s post is focused on technology that can improve the chances of recovering a stolen laptop from 2% to over 75%. This is technology that is widely available and proven to work. It involves loading software on your computer that allows your computer to let you know where it is when it has been stolen.

This software is called “track and trace software.” It is designed for people who have laptops with lots of confidential information and for companies who are losing lots of laptops. It works by loading software on your laptop that uses an Internet connection to tell you where it is after it is stolen. There are lots of these products (ex. Computrace LoJack, XTool Laptop Tracker, CyberAngel, and more) and some are loaded at the bios level so they still work even if the hard drive is reformatted.

Absolute's Computrace product will instruct you laptop upon its first connection to the Internet to send Absolute its IP address every 15 minutes. With that information, Absolute's staff, working with law enforcement, tracks down the laptop.

Absolute's product also includes technology that customers can use to destroy data remotely in case the laptop can't be recovered in time. The deletion technology can be policy-based. IT can instruct the laptop to delete sensitive data if it remains off the corporate network for a certain period of time.

Another tool, XTool Tracker, has similar features to Absolute’s Computrace but also has lots of other methods to help recover your stolen laptop. These guys are really serious about getting your laptop back. The following is a list of the things the software can do to try to recover your laptop:

Internet Connection Information In most situations, the Local IP and the Public IP information is enough to recover a lost or stolen laptop. Once it has been determined by our recovery team that this information is reliable, a tracking report is produced so that the police can subpoena the Internet service provider to obtain the contact information associated with the IP addresses.

WiFi Connection Information Since there are so many sources of "free" wireless connections available today, it is easily assumed that a stolen laptop will be connected to one of these sources. WiFi information is used by the XTool Laptop Tracker to make sure that the Internet information collected is reliable and that it can be used to obtain from the police a subpoena.

Telephone Connection Information If an unauthorized user connects your monitored laptop to a telephone line, the XTool Laptop Tracker will place a call to a toll free number at their monitoring center. The monitoring center will then obtain the phone number used to place the call using ANI-Caller ID; even if the caller ID is blocked at the calling location.
Remote Forensic Collection and HoneyPot Collected Information Using an advanced forensic collection tool, the XTool® Recovery Team is able to identify the unauthorized user (name, email, address, etc). This information is then transmitted via Internet or through a telephone connection. The main advantage of this technique is that it does not require a subpoena and has proven successful in cases where the primary tracking methods are not viable.

GPS Information GPS is becoming more popular and some laptop manufacturers are even shipping units with a built-in GPS device. XTool® Laptop Tracker has the ability to detect any type of GPS device connected to the monitored laptop and relay this information to the XTool® Monitoring Center to track. By default, this option is deactivated. However, since the information collected by a GPS is useful even when the laptop has not been reported lost or stolen, the customer wishing to monitor GPS activity can activate this feature without filing a theft/loss report.

Camera Information Some laptops are now made with built-in cameras. XTool® Laptop Tracker has the ability to detect a camera connected to a laptop and can take a snapshot of the unauthorized user that is then relayed to the XTool® Monitoring Center. A picture of the unauthorized user not only quickly leads to the location of the thief but can be used as evidence in case the laptop is sold to a 3rd party.

So why take a chance? If you have confidential information on your laptop, failing to implement some type of control procedure could end up costing you time and grief, create problems with customers and clients, cost you your job, or even land you in jail. These tools work and just could save the day.

William C. (Will) Fleenor, CPA.CITP, Ph.D.
Member, K2 Enterprises, LLC
[email protected]

About admin


Please login or register to join the discussion.

There are currently no replies, be the first to post a reply.