This suggests a number of best practices are necessary to ensure they don't walk off and, if they do, don't compromise the business.Turn on the TPM and Encrypt the Data Store The most obvious first step is to turn on a laptop's Trusted Platform Module (TPM) and encrypt the directories that contain sensitive information. You don't have to encrypt the entire drive; doing so will substantially slow down the machine. If the laptop is stolen, and assuming the password remains secure, the information it contains should remain safe. If the laptop doesn't have a TPM, and Apple's laptops don't, then you'll need to use another tool, like FileVault, which is less secure but still wise to employ.
Implement LoJack For Laptops Absolute Software's Computrace and Phoenix Technologies' Failsafe (which includes encryption) offerings are marketed to OEMs and help recover stolen laptops. Both products are incredibly difficult to remove. For Mac users, Undercover performs a similar role. In all cases, these products notify you when a stolen notebook is connected to a network and, in some cases, transmit screen shots of what the user is doing. That can help to identify the thief or person who bought the hot laptop.
Implement Strong Multifactor User Log In If there were ever a time to dump passwords, this is it. Passwords are inherently unsafe. Properly implemented, a laptop that is aggressively secured with a combination of TPM and fingerprint reader or RSA Token can be much harder to configure to sell than one that is simply password-protected. Intel will soon be introducing a technology it calls Anti-Theft Technology (ATT) that will actually brick a stolen laptop much like high-end phones can be bricked by blocking their IMEI numbers. Since part of the problem is the laptop being stolen in the first place, a visible sticker that says the laptop has this technology and will be bricked if stolen will likely be an important deterrent; the best technology is one that prevents the theft in the first place. It is interesting to note there may actually be more value in the sticker than in the technology, but you'll need both or the sticker will be worthless. Employee Training Perhaps the most important best practice is to train your employees to keep their laptops out of sight if left in their cars and to avoid leaving them in places where they may be stolen. And enforce this training. In the home, laptops should be locked in a safe or secured with a Kensington lock if not in use. I also expect we will once again have folks walking through offices mining the laptops that are left unattended on desks. This suggests those laptops should either be locked in drawers, locked to the desks, or locked to docking stations.
This practice may actually trump many of the others if we are simply trying to avoid a theft in the first place. The careful employee is the safe employee. If employees are alert and careful, not only are their laptops safer, they and their families are safer, too, because catching a thief can often be worse than the theft itself.
-- Rob Enderle is President and Founder of Enderle Group. Special to Dark Reading.