There is no doubting the importance of laptops within the company these days. In fact, a corporate presentation I saw recently quoted IDC figures that 65 percent of employees now use a laptop at work. Despite the portability of laptops, few businesses issue locks to their employees and many employees that have them don't use them.
Eager to find out how laptops can be better secured, I spoke to Rob Humphrey on implementing physical security for laptops. Humphrey is director of security products in the Global Business unit at Kensington Technology Group. Kensington created the ubiquitous Kensington security slot incorporated on 99 percent of laptops.
The questions below refer to the use of the Kensington locking system.
Mah: What are the most common arguments you've seen against implementing physical security?
Humphrey: The No. 1 argument against that is compliance. That is, "Why do I buy a lock when I can't get my employees to use it?" The No. 2 argument is a misconception actually, that the locks are not effective. People think that a cable lock can't do much. However, thieves are likely to pass a locked laptop since the locking mechanism takes (more) time to defeat. There are plenty of situations in which the presence of a lock will help create a 5-minute deterrent. It (the lock) is not a foolproof method for security, just a deterrent.
Mah: Are SMBs more resistant to implementing some form of physical security?
Humphrey: I would say that it's about the same. SMBs obviously don't have the same need for sophisticated means of security. If they have a fleet of 20 laptops or more however, they definitely should be using physical security. While they (SMBs) might also not appreciate the value, or appreciate some of the regulations pertaining to securing their devices, the fact is that the cost of a laptop is more painful to the SMB than in the enterprise.
Mah: What are the common mistakes committed by companies implementing physical security?
Humphrey: They don't implement a master key solution. They give everyone a lock and have no alternative way of opening the lock. The locks are also issued in the absence of any guidelines or policies. It's one thing to provide your employee base with the locks, but you're going to get inconsistent usage across your company without a proper guideline. Also, the absence of anchor points to properly secure their laptops.
Mah: Do you have any tips for organizations planning to implement physical security in the workplace?
Humphrey: What I would suggest that people do, is to think of what they are trying to lock down and then look for the right solution. Kensington has a whole series of solutions that can be combined together, such as desktops, laptops, external hard drives and monitors-we can put together such a solution based on just one key. Also make sure that you provide your employees with easy, intuitive tools (to physically lock their laptops), which will help ensure that they are used.
Mah: I have a few suggestions on how small and mid-sized businesses can put together a cohesive strategy to defend against security threats ranging from physical theft to data-loss threats, involving company laptops. I shall be elaborating on it more in my next blog, so do check back for it.