Across the judiciary, laptops (and other similar devices) are widely used to bring the office to you―while traveling, teleworking, attending meetings, and even practicing your continuity of operation plans! Compact and powerful, their portability makes them a desirable tool for staying connected and productive―your files, email, and more remain at your fingertips when away from your desk. Unfortunately, with convenience, comes risk.
A 2010 study of 329 U.S. private and public sector organizations reported that 86,455 laptops were lost or stolen over twelve months. Of those, 46% contained sensitive or confidential information, and only five percent were recovered. Where did they go missing? 40% from seemingly safe off-site locations, such as homes, conferences, and hotel rooms; 30% occurred at transportation sites, such as airports, train stations, and taxis; 12% occurred in a worker’s own office environment; and another 12% vanished without explanation. Whether at home, in the office, or elsewhere, be vigilant in retaining possession of your portables.
The costs of losing a laptop are greater than the purchase price
Replacing a lost laptop, carrying case, and software costs money―and there may even be expensive collateral physical damage, such as broken windows or damaged locks―but there are potentially greater “hidden” costs. For example, unauthorized access to sensitive information may result in notifications to affected parties and the associated reputational harm. Also, data that was not backed up will need to be recreated, which may be a time consuming and inexact process. Additional time may need to be spent supporting an investigation. Lastly, time is required to procure and configure a replacement laptop, which may result in lost productivity and the associated burden to help desk staff.
Limiting the likelihood and impact of a lost or stolen laptop
Here are a few tips for limiting the likelihood that your laptop will be lost or stolen and that potentially will limit the impact of the incident:
· Physically secure your laptop in your office or off-site workspace. Use a locking docking station in the office. When out of the office, or if a docking station is not available in your office, use a laptop security cable and attach it to a heavy table, desk, or other immovable object. If neither a docking station nor a cable are available, store it securely, such as in a locked room, a locked drawer, or a hotel room safe.
· Secure your laptop while in transit. Always carry your laptop with you while traveling. Never check it with your luggage. If you’re traveling by car, keep your laptop out of sight. If you can’t take it with you, lock it in the trunk. When you go through airport security, don’t lose sight of your laptop and retrieve it as quickly as possible.
· Protect your laptop with a strong password. Make sure your laptop is configured to require a strong password at start-up or when the screen is locked.
· Store passwords securely. If you want to save your passwords on your laptop, use password-management software (also known as a “password vault”) to store your passwords securely. Don’t store any of your judiciary passwords in an unencrypted file on your laptop or have your Internet browser “remember” any of your login information (such as your JPort ID and password).
· Ensure the information on the hard drive is encrypted. Work with your local IT staff to have full-disk encryption installed on your laptop. The encryption/decryption is done for you automatically and behind the scenes. You won’t notice the encryption, but someone who gains unauthorized access to your laptop or who tries to bypass the laptop password by taking out the hard drive and attacking it directly won’t be able to access your files.
What should you do if your laptop is lost or stolen?
If your laptop is lost or stolen, immediately report the incident to your local IT staff and supervisor. They will decide what should be done in response. Be prepared to assist in any investigation, particularly in the determination of what sensitive information may have been on the laptop.
For more information about laptop security, see the Awareness Brochure Best Practices for Laptop Security.
A 2010 study of 329 U.S. private and public sector organizations reported that 86,455 laptops were lost or stolen over twelve months. Of those, 46% contained sensitive or confidential information, and only five percent were recovered. Where did they go missing? 40% from seemingly safe off-site locations, such as homes, conferences, and hotel rooms; 30% occurred at transportation sites, such as airports, train stations, and taxis; 12% occurred in a worker’s own office environment; and another 12% vanished without explanation. Whether at home, in the office, or elsewhere, be vigilant in retaining possession of your portables.
The costs of losing a laptop are greater than the purchase price
Replacing a lost laptop, carrying case, and software costs money―and there may even be expensive collateral physical damage, such as broken windows or damaged locks―but there are potentially greater “hidden” costs. For example, unauthorized access to sensitive information may result in notifications to affected parties and the associated reputational harm. Also, data that was not backed up will need to be recreated, which may be a time consuming and inexact process. Additional time may need to be spent supporting an investigation. Lastly, time is required to procure and configure a replacement laptop, which may result in lost productivity and the associated burden to help desk staff.
Limiting the likelihood and impact of a lost or stolen laptop
Here are a few tips for limiting the likelihood that your laptop will be lost or stolen and that potentially will limit the impact of the incident:
· Physically secure your laptop in your office or off-site workspace. Use a locking docking station in the office. When out of the office, or if a docking station is not available in your office, use a laptop security cable and attach it to a heavy table, desk, or other immovable object. If neither a docking station nor a cable are available, store it securely, such as in a locked room, a locked drawer, or a hotel room safe.
· Secure your laptop while in transit. Always carry your laptop with you while traveling. Never check it with your luggage. If you’re traveling by car, keep your laptop out of sight. If you can’t take it with you, lock it in the trunk. When you go through airport security, don’t lose sight of your laptop and retrieve it as quickly as possible.
· Protect your laptop with a strong password. Make sure your laptop is configured to require a strong password at start-up or when the screen is locked.
· Store passwords securely. If you want to save your passwords on your laptop, use password-management software (also known as a “password vault”) to store your passwords securely. Don’t store any of your judiciary passwords in an unencrypted file on your laptop or have your Internet browser “remember” any of your login information (such as your JPort ID and password).
· Ensure the information on the hard drive is encrypted. Work with your local IT staff to have full-disk encryption installed on your laptop. The encryption/decryption is done for you automatically and behind the scenes. You won’t notice the encryption, but someone who gains unauthorized access to your laptop or who tries to bypass the laptop password by taking out the hard drive and attacking it directly won’t be able to access your files.
What should you do if your laptop is lost or stolen?
If your laptop is lost or stolen, immediately report the incident to your local IT staff and supervisor. They will decide what should be done in response. Be prepared to assist in any investigation, particularly in the determination of what sensitive information may have been on the laptop.
For more information about laptop security, see the Awareness Brochure Best Practices for Laptop Security.