Pretty Much Everybody Is Losing Laptops With Personal Data

from the somebody-call-a-data-plumber dept

Mon, Aug 21st 2006 10:03am — Carlo Longino

If you thought you'd been seeing a lot of stories about companies losing laptops containing personal information, here's why: more than 80 percent of companies have lost a laptop with "sensitive data" on it in the past year, according to a new survey. The biggest problem, according to the company behind the survey, is that firms don't keep track of where personal and other sensitive data is kept, which would seem to evoke the old saying that you should never attribute to malice what can be explained by incompetence. The most obvious solution would appear to be for companies to figure out exactly where all this data is living, and come up with some rules limiting employees' access to it and preventing them from carrying it around unless it's absolutely necessary. As an added benefit, the mere existence of such a policy, even if it isn't enforced, or soundly written can be enough to get a company off the hook should they leak personal data -- just another way companies are being motivated to really take these things seriously. So many of these instances, at least the ones that come to light, aren't taken seriously because the leaked data never gets used, with many companies not taking any proactive steps to secure their data, banking on a variation of security via obscurity that's more like security-via-can't-be-bothered. But with people advertising the value of leaked data, security policies founded on thieves' ignorance can't be effective much longer.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

19 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Guard, 21 Aug 2006 @ 11:10am

Why do more than 80 percent of companies have "sensitive data" on a laptop in the first place?
[ link to this | view in chronology ]
tehdirtaddict, 21 Aug 2006 @ 11:10am

Security
All work should be done remotely connected via VPN. If not possible, then, offiline files should be edited and saved encrypted.
[ link to this | view in chronology ]
Anonymous Coward, 21 Aug 2006 @ 11:13am

who cares?
[ link to this | view in chronology ]
- Javelin, 21 Aug 2006 @ 11:18am
  
  Re:
  Not I french fry.
  [ link to this | view in chronology ]
  - David Dante III, 21 Aug 2006 @ 11:25am
    
    sensitive data
    I run an online business that sells adult merchandise, mostly apparel and rubber "external organ and limb equivalents". We have a very effective policy concerning data security. No sensitve data bearing equipment ever physically leaves the office. All information that is transmitted to us over the web is moved (not copied) to an offline system. It's only connected to the system with internet access once daily. When they are connected, we shut down our router.
    [ link to this | view in chronology ]
    - David Dante III, 21 Aug 2006 @ 11:28am
      
      Re: sensitive data
      i agree with the comment before mine. it is only easy for me because i run a small business. for a large business, it would be almost impossible. (we also sell vibrating and oozing toys as well)
      [ link to this | view in chronology ]
    - DittoBox, 21 Aug 2006 @ 11:45am
      
      Re: sensitive data
      It figures that the porn industry and the RIAA/MPAA have the best security practices and tend to encrypt everything while hospitals, government agencies and normal everyday businesses can't manage it.
      
      The world is fubar.
      [ link to this | view in chronology ]
      - I am a sensitive artist, 21 Aug 2006 @ 12:31pm
        
        Re: Re: sensitive data
        not fubar, SNAFU!
        
        Hey, you know what? There were wartime cartoons they made for soldiers about an officer Snafu, showing you what NOT to do as a soldier, like keeping your trap shut around ladies of the night, keeping your equipment in good condition, reading manuals, yatta yatta. Why not have Employee Snafu films, warning cubicle dwellers not to put their girlfriend's phone number where thier wife can see it. Maybe an Earth2 fanfic or two, but that's it.
        [ link to this | view in chronology ]
        
        David Dante III, 21 Aug 2006 @ 12:43pm
        
        Re: Re: Re: sensitive data
        we also have rectal security devices that trasmit data over a wireless network to your system to better manage the data being exported by the source...
        [ link to this | view in chronology ]
      - David Dante III, 21 Aug 2006 @ 12:45pm
        
        Re: Re: sensitive data
        Honey don't believe everything you read.
        
        i could just be a 15 year old in Kansas with a rudimentary knowledge of data security and too much time on his hand (lost one to a combine)
        [ link to this | view in chronology ]
- Kevin, 21 Aug 2006 @ 11:35am
  
  Re: Who cares?
  I strongly agree that companies should secure their databases in a central location and only allow employees to access the information through VPN (or some other unforseeable secure connection) if they are away from the office.
  
  Virtual Private Networksing is relatively eay. We can even use VPNs for home networking. It works. It's secure. It can be accessed from anywhere. It requires less hard drive space (all data doesn't need to be copied to client computers). All personel would have access to the exact same data at the same time.
  
  You must admit, the future of storage is not on portable devices. Imagine being able to access your personal desktop from any capable computer, PDA, phone, digital tablet, eInk display, or even a wall at some random place.
  [ link to this | view in chronology ]
thenakedwookiee, 21 Aug 2006 @ 11:23am

it is very wasy to say "All work should be done remotely connected via VPN"... but the realities are much more difficult, your remote employees/offices won't use solutions that aren't intuitive and easy to use (almost to the point that of being transparent to them) And in a situation where you have to weigh a certain level of risk against staying competitive and making money, I can tell you where managers are going to bet every time. there is no easy fix here for this problem, companies spend years and millions trying to go down the road of total protection and it just isn't feasible for larger companies to maintain a total lockdown on everything and still allow business to flow. I agree that sensitive data control is a huge problem and it needs to be addressed by the corporations who have the data but also by the software companies who produce enterprise encryption and access software. The market is poor to say the least and the "complete" solutions are anything but. So you get halfway through an implementation and find you have to spend 2-3 times your initial cost to customize the solution and end up with something that is unusable.
[ link to this | view in chronology ]
- mroonie, 21 Aug 2006 @ 12:02pm
  
  simple solutions for not so simple business...
  The point of business is to always do everything in the most effective and efficient way possible. This goes double for larger enterprises. However, just because you are a large enterprise does not mean that there aren't simple solutions out there for you. Enforcing software that is easy enough for each employee to use, makes each employee responsible for the data they take from work to home. Here's an article of one software that might be worth looking at:
  
  http://seattletimes.nwsource.com/html/personaltechnology/2003209737_ptinbo19.html
  
  Apparent ly this software also has an app that can be used to encrypt data on a computer. Only someone who is authorized can then unscramble and access the data....
  [ link to this | view in chronology ]
Sohrab, 21 Aug 2006 @ 11:30am

I gotta say, yesturday, we randomly got a phone call. Not showing up on the Caller-ID. They said they were from our Gym (fitness 24) and that something was wrong with out account and they needed our credit card info again to verify it. They knew my name and my moms name fully, (we both have different last names) I asked them to hold on and they put me on hold and hung up.

I then directly called Fitness 24 and they said they would never do such a thing and that our account is fine.

That is just a basic scam. Its BS that companies can get away with just loosing data like that. Where are the real law suits when we need them?
[ link to this | view in chronology ]
call me crazy, 21 Aug 2006 @ 12:04pm

VPN
I see a few people are on the VPN bandwagon here. Yes VPN is great for securely connecting to a remote office but what's to stop employees to use VPN to connect to the file store then just download the file so they can work on it locally? Once downloaded the info is out and unless the user has a pretty good security setup at home or where ever that info is vunerable.
VPN is a great tool for security but it's not the end all solution. Education coupled with responsible employees is the answer.
[ link to this | view in chronology ]
Republican Gun, 21 Aug 2006 @ 12:10pm

VPN, yeah but......
The only problem is that there are too many people out there that save their VPN setting on their laptops. With saved settings and passwords on the laptop, how secure is it. What about you guys out there that use terminal services on your pocketpc cell phones, is that a risk too?
[ link to this | view in chronology ]
Amazing, 21 Aug 2006 @ 12:22pm

VPN - disconnect
Umm seems like a basic disconnect here, if you truly use a laptop, it's because you're remote often. Ever been on a 2 day business trip to the UK? You get more work done on the plane than on the ground... [back in the day...]

What about having to work disconnected guys? That is - NO VPN, no connectivity at all - if it is feasible for all remote workers to be "connected" all the time - then load NO APPS but the basic OS and let all workers remote in - using CITRIX or something equivalent - dumb terminals come to mind... but wait that's a mainframe term...
[ link to this | view in chronology ]
CoreGuard, 21 Aug 2006 @ 12:25pm

Great solution for this issue
Thats why companies like the one I work for exist. We create a great file system encryption solution that has functionality for offline keys for laptops. See us at http://vormetric.com
[ link to this | view in chronology ]
MEoip, 21 Aug 2006 @ 12:52pm

Call Me
Call me when the company suing a company for loose of personal data on a laptop looses a laptop with said personal information. Then I will care only long enough to laugh but I will care.

I'm guessing the majority of thieves don't steal a laptop and start looking for personal info. They probably steal and sell only when their stolen goods are announced to have millions of personal records do they actually think and say darn I wish I sold that stolen laptop for more than $100 now that I know there were thousands of personal records worth thousands of dollars on it.

In short news folk: shut up about it you possibly cause more harm than good. Company folk: Get my personal data off your laptops! In fact get my personal data off all of your computers you don’t need it! If it gets stolen you can bet I'm coming after you.
[ link to this | view in chronology ]