informa

Lost Laptops Cost Billions

An Intel-sponsored study finds that organizations fail to grasp the risk of lost laptops.
The study happens to note that while 46% of laptops were reported to contain sensitive data, only 30% of them had disc-based encryption, only 29% had been imaged for backup, and only 10% had anti-theft features.

Intel was also present as an example of what can be achieved through best practices. Intel chief information security officer Malcom Harkins revealed that Intel, out of 87,000 laptops, only loses about 700 per year. That's five to ten times less than the average loss rate at the companies surveyed.

Harkins said that as Intel shifted its focus toward mobility in the late '90s, the company made a concerted effort to build business processes that fostered security and encouraged employees to take responsibility for safeguarding their laptops. He added that Intel tries to be fairly permissive about allowing employees to store personal information on their laptops, which he said encourages a sense of ownership and responsibility. Acknowledging that some information security professionals see the mingling of personal and professional data as a risk, he said, "I think it helps more than it hurts."

Harkins added that one problem in dealing with the issue is that security teams tend to want to keep quiet about lost laptops and lost data. He said he understood that impulse but insisted that being open can help people recognize the risk of losing laptops.

"The biggest vulnerability we all face today is misperceiving risk," he said.

Kevin Beaver, an independent security consultant and expert witness with Principle Logic, offered an example of this misperception. He observed that companies spend significant sums to protect themselves from SQL injection attacks but fail to invest in laptop tracking or remote data wiping capabilities.

"Laptops are always the greatest risk in any given security assessment, more so even than smartphones," he said, noting that laptops simply have more data on them.

According to the study, the places where laptops are most likely to be lost break down as follows: off-site locations (43%), while traveling (33%), and inside the workplace (12%). And 12% of the time the location of the loss is unknown.

Laptops are stolen most often when people travel with them. Ponemon observed that security checkpoints are the place where laptops are most frequently lost. Diluting the irony, he added that security checkpoints are also where travelers recover lost laptops most often.

To underscore the need for organizations to manage laptops carefully, Ponemon recounted interviewing one woman at a company who had lost 11 laptops in two years.

"She claimed she wasn't really that careful with laptops because the only way she could get a better one was to lose it," he said.