I've written a number of blogs recently on how to achieve better information security for small and mid-sized businesses. Among others, I made the recommendation that SMBs should protect laptops with full-disk encryption software and usesecure flash drives to protect the information carried on portable storage devices.
As you can imagine, my interested was piqued when I read about a story on Infosec Island contributed by security analyst Robert Siciliano, aptly titled "My laptop security travel ordeal." While on a holiday trip to Mexico, Siciliano had to leave his laptop bag in the front of the car so he could join his wife at the back seat during the airport-to-hotel leg of his trip. Well, the action starts when he arrived at the hotel:
When we got to the resort we were swarmed with hotel help/bellmen pulling our bags out of the van. As I'm counting bags and counting kids and on my way back to the van to get my 2 other bags, the van drove away.
My laptop and backpack were still in the front seat. ON THE FRONT SEAT. There is no way the driver didn't see the laptop on the front seat.
To cut the story short, Siciliano managed to recover the bags from the dishonest and recalcitrant driver about 40 minutes later by tracking him down through a colleague. While the laptop was intact, his bags had clearly been rummaged through.
The moral of the story here is simple: The potential for theft is always present, and the sheer portability of laptops and netbooks mean that they could literally be gone in 60 seconds; and often in a far shorter span of time. Even if recovered eventually, who is to say that the data on an unprotected laptop will not have already been compromised and copied out?
Ultimately, SMBs must not take security for granted. Laptops and portable storage devices can get lost or stolen at any time. While nobody wants that to happen, it is imperative that confidential data is backed up properly and securely protected when it does (not "if" here). Fortunately, security awareness is increasing in SMBs at least, according to a recent survey by Symantec.
So tell me, what does your SMB do to protect company files that are stored on laptops?
And while we're on the topic of laptops, you might be interested to check out an earlier blog titled "Seven Tips to Prolong the Life of Your Laptop."