Do you know where your laptop is? You may want to double check. It's estimated that each year in the U.S., somewhere around two million¹ laptops are stolen or lost--and FBI reports indicate that 97 percent are never recovered.²

These numbers are sizeable, and they're intimidating, when you consider the potential impact a laptop loss could have on you and your agency. According to a recent survey, the loss or theft of just one laptop can cost a company as much as $90,000 or more in fines, credit monitoring for victims, public relations damage control, and class action litigation.³ In 2006, theft of laptops (and other portable devices) was also the second-most-common type of security breach reported in business, following virus attacks.⁴

When your laptop is stolen, the equipment loss is difficult to handle, but it's the disruption to your business and the loss of customer information, employee records or sensitive company data that are far more devastating. If you've heard one of these news stories recently, you get the picture:

• Burglars struck the suburban Maryland home of a VA data analyst, taking a government-owned laptop and disks containing the names, Social Security numbers and birth dates of 26.5 million veterans discharged since 1975.
• A laptop containing the names, addresses and Social Security numbers of about 18,000 Bank of America customers was stolen from a car.
• A Boeing employee's laptop was taken at an airport, compromising 3,600 employees? Social Security numbers, addresses and phone numbers.
• A laptop that belonged to an Ernst & Young employee was stolen from a vehicle. The computer contained personal information of 243,000 Hotels.com customers.

When your laptop goes missing, so does your hardware, your software, and your personal data. It could include financial information, passwords, addresses, Social Security numbers, employee and customer information. Most importantly, you, and your clients, become highly vulnerable to identity theft, or a serious data breach - putting your integrity and your company reputation at stake. With experts predicting that by year end, 50 percent of all PCs will be laptops, there's a lot of risk out there.

Even though you may find the threat of laptop theft attention-grabbing, if you're still among those who are thinking, this would never happen to me, you may want to look over your shoulder - nearly half of all laptop theft occurs in the workplace, so you need to take precautions, even in the presence of friendly coworkers.

In most cases, it's a lax frame of mind that creates an opportunity for trouble. Laptop thieves prey on complacency. They know exactly what they want and how to get it. And too often, they don't have to work too hard to do it. So, no matter whether you're traveling around the globe, or working from the confines of your office, keep in mind: your laptop is an easy target.

More than ever, protecting your confidential information and your clients' sensitive data is essential to your business, and it's become a critical responsibility. Here are some basic steps you can take to keep your laptop and its contents secure:

• Take advantage of your computer's security features. Encrypt your data. Use complex passwords and other security features to add layers of protection. Use and maintain anti-virus software and a firewall.
• Write down your computer serial number and model number and store it separately.
• Store your passwords separately too. Keeping your security codes in your laptop case, or on your desk, is like leaving the keys in your car ignition. Don't make it that easy for a thief.
• Take precautions at home. Don't forget, in the Veteran's Affairs story noted above, that laptop was taken from a home.
• Back up your data. If your laptop should go missing, a recent back up will enable you to start recovering your work. It will also enable you to inform your company management and law enforcement exactly what information was lost on the missing device. This information is critical if there's a need to inform clients of a potential information breach.
• Protect your back-up data. Keep it locked. Be especially cautious with external drives.
• Protect others' personal information as if it were your own. Don't give passers-by easy access to sensitive or confidential information contained on your laptop. A flash drive can easily be concealed in a pocket and is a simple way of quickly transferring data.
• Beware of 'social engineers' who try to take advantage of your good nature in order to compromise proprietary business information and resources.
• When you travel or commute, your laptop is especially vulnerable - be on guard.
  • Carry your laptop in an inconspicuous bag that doesn't look like a computer bag.
  • In your hotel room, lock your laptop with a security cable for short periods, and use the hotel safe when you are away from your room for longer periods.
  • Keep your arm (or leg, if you set down the bag) through the carrying strap. Coffee shops are becoming a frequent site for laptop thieves to grab and dash, so keep that in mind as you sip your latte.
  • Never leave your laptop or its bag in a visible area of a car.
  • Be aware of your surroundings. Thieves often work in teams, with one acting as a decoy to distract you from your belongings. Pay attention.
  • Be aware of the close proximity of others on an airplane or in a crowded public area. Save confidential or sensitive work for a more concealed setting.
  • If you plan on taking a nap while on an airplane or public transportation, stow your laptop in its case.
  • Secure a name tag or business card to the top of your laptop. This makes it easier to recognize when you send it through airport x-ray machines, and helps facilitate a return if it's lost.
• Consider using an alarm or locating device for your laptop. There are a number of security products that can silently trace your laptop and notify you of its location once it's connected to the Internet. Some vendors of this type of software are: Ztrace (www.ztrace.com), Absolute Software (www.absolute.com), and Xtool (www.xtool.com).
• Install remote locking software. This is similar to tracking software. It's an online tool that enables you to remotely lock down sensitive files. Remote File Lock is a product offered by Trend Micro (www.trendmicro.com)
• Have an IT professional overwrite or destroy your digital media (such as a CD, diskette, hard drive or backup tape) before donating or discarding your laptop. IT or security professionals can help you store, encrypt, transmit and process sensitive online and paper-based information in a secure manner to avoid unauthorized disclosure of information.
• Never leave your laptop unsecured in your office or workstation, even if it's "just for a minute." Treat your laptop like you would cash --lock it up and take the key with you. It only takes an intruder seconds to enter an office and steal personal property and information.
• Quite simply, reduce confidential data stored on your laptop. Before you leave your office, you should seriously consider the type of information you have stored on your laptop.

¹ Processor, May 19,2006
² http://www.awlp.lorg/awlp/press/html/press-06laptops.jsp
³ Robert Siciliano at IDTheftSecurtiy.com, 24/7 Press Release October 10, 2006
⁴ http://Denver.bizjournals.com/Denver/stories/2007/09/10

Websites that are referenced in this article are not supported by, sponsored by, or affiliated with Aon Corporation and are listed only as an additional resource.

The NAIFA Professional Liability Insurance Program is administered by Affinity Insurance Services, Inc.; in CA, MN and OK, AIS Insurance Agency, Inc. (CA Insurance License #0795465) and in NY, AIS Affinity Insurance Agency.

X-6770-808

Download the article as a PDF

Risk Management