To lose one laptop may be regarded as a misfortune; to lose many looks like carelessness

Mobile computing it a marvel of the modern age.  Only a generation ago a portable computer required a healthy physique to carry it around and use in the manner advertised or intended.  Fast forward to today and many people will know of families where the children have a laptop rather than a access to a regular PC.  They can be seen used everywhere, planes, trains and yes automobiles (have you seen them perched on the dashboards of European trucks as they trundle along the motorways?).

The reduced weight has really brought the use of mobile computing to the fore.  There does appear to be a down side.  Physically keeping hold of what is yours. 

In the last week the media has once again highlighted several instances of organisations ‘losing’ laptops.  The loss of these is likely to be very inconvenient for the people who were meant to use them.  It is however the wealth of information that can be extracted from the devices that is of grave concern to everyone else.

First to break cover was Middlesborough Council with the loss of 9 laptops containing sensitive Social Care information relating to a reported 63 cases.  It was explained when asked about security and the possibility of encryption that some measures where in place but the Council had an ‘adhoc’ attitude to Information Security.  It also became clear that the Council had suffered a burglary and the loss of another laptop last year.

Only days later the next story to break relates to the loss of another laptop.  This time from the MOD.  The data this time included a reasonable amount of personal data for 600,000 people.  When the question about security was raised a very suprised answer came that this laptop also had no drive encryption software in use. 

This leads to so many questions.  Why did a laptop contain so much live data that should be securely stored in a database in a data centre? Why was no full disc encryption tool deployed to this device as outlined by organisations such as CESG?  Why was nothing changed after the previous losses? 

Oh Yes..previous losses.. roll call;

Two military laptops containing the unencrypted details of at least 500 military personnel and potential new recruits had been lost in the last two years

68 MoD laptops were stolen in 2007

66 in 2006

40 in 2005

173 in 2004

After that number you might expect that taking your own advice on security seriously would be important but apparently not.  We have been told that they are recalling all the similar laptops.

Let this be a lesson to any organisation.  A laptop will cost you £450 and drive encryption software can be purchased for approx £80.  The overall cost compared to the risk is low.  If you create, read, transport, store or use sensitive information relating to your line of business be the information

~ by Simon Hancock on January 21, 2008.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: