Security 500 conference     

 Don’t miss the networking event of the year for security executives!
Register today for the Security 500 Conference.

Mitigating Laptop Theft

November 11, 2003
/ Print / Reprints /
ShareMore
/ Text Size+
Laptop computers are notorious for being prime targets for theft in office buildings because they are small, concealable, and are usually not “flagged” by security personnel when an employee or visitor exits the facility. In the United States alone in the last three years, over one million laptops have been stolen. Many personal computer (PC) leasing companies report an average 20 percent loss of laptop computers at the end of a two-year leasing period (10 percent annual loss). Statistical research has shown that the major causes of laptop computer losses in a typical organization are due to:

• Internal loss/theft - 90 percent

• External theft - 10 percent

Some of the major reasons for this internal loss/theft may be due to: a loss of records or inaccurate records as a laptop is transferred from one employee to another, an internal theft ring, an employee who refuses to return a company computer after being terminated, an employee who has given misleading information regarding the location of a computer, a lone thief or a disgruntled employee. Typical perpetrators of external theft include messengers, technicians who are in the facility to repair a piece of equipment, a smash-and-grab thief or an unscrupulous visitor.

Over the years there have been a variety of technologies developed to help mitigate the theft of these laptop computers. However, most of the devices that have been marketed have been primarily mechanical in nature, with a low level of technical sophistication. More recently, some very innovative and inexpensive products have become available in the marketplace, which provide a higher level of protection for PCs. Some of these products are software-based while some of them are hardware-based. What follows is a brief overview of these products.

Tracking

Computer tracking programs are software-based products in several variations. Some of these programs send a stealth email message to a pre-determined email address as soon as the PC is connected to the Internet. This email message will contain the exact location of the stolen PC, along with a wealth of additional information. This information includes the route Internet Protocol (IP) addresses, the name of the person who has logged on, dial-up networking Internet service providers, user IDs, etc. When this message is received via the Internet, the software manufacturer’s in-house recovery agents work with the client and law enforcement authorities to attempt to recover the stolen property. The software can also be set to run on a periodic basis to allow a continual reporting the location of the PC. Other manufacturer’s software programs use a combination of Internet and telephone call tracing to locate the missing computer. Here, the stealthy software waits for a telephone line to be connected to the modem. Upon connection, it dials the manufacturer’s central monitoring theft recovery center to identify its current location. Additional software features of these programs include the capability to remotely and systematically delete all data and user files on the hard disc drive when the targeted computer surreptitiously contacts the theft recovery center. This helps to mitigate a corporation’s legal liability by preventing confidential client information or other sensitive computer data from falling into the wrong hands. Typically, these software programs use less than two percent of a computer’s operating system resources, and then only until they have emailed out their message packets. Most of these software packages are very inexpensive, user-friendly and are available retail for between $30 and $40 each.

The key to success in locating and recovering any missing PC is the ability of the software to track in real time and have an established set of processes, procedures and protocols for working in a collaborative effort with law enforcement authorities. Although these new and innovative software packages have been shown to provide some reduction in incidents of laptop theft in facilities where they have been installed, they may be regarded as only reactive crime measures, since they do not directly inhibit external theft. However, these software products do provide a powerful tool for investigators who are attempting recovery after a theft has already occurred.

Going Wireless

Wireless transmitters and receivers also are used to curtail the theft of laptop computers. These units are two-piece RF-based systems. A small battery-operated transmitter is mounted on the computer chassis, while the receiver is mounted in a convenient location in a room that is within the operating range of the transmitter. When the signal is lost between the transmitter and the receiver during an attempted theft, the receiver will initiate a loud audible alarm that can be heard throughout the office. This type of device is very secure, as random synchronized codes are communicated between the transmitter/receiver pairs to deter a possible compromise of the system. The use of these units may be regarded as proactive crime measures, since they directly inhibit theft and summon help once the computer has left the operational range of the receiver. These transmitter/receiver units are typically available retail for approximately $70.00 for the pair.

This technology also includes active radio frequency identification tags.

Cables and Locks

Cabling systems are devices that generally consist of a high tensile strength cable, a high-security lock and a metal baseplate with high-security screws or high-strength adhesive materials. These devices are simple to install and deter against theft by physically securing the computer to a desk or table. These devices are highly secure and are regarded as proactive security measures. However, they do severely limit any physical movement of the computers from their semi-permanent mounting locations. The cost of these devices varies, but typical costs are generally in the $30 to $90 price range, depending upon features.

Locker storage systems are a less common methodology used to protect laptop computers from theft. Here, an access-controlled locker secures the laptop computer at the end of each workday, while providing an audit trail of all transactions, including any attempts at unauthorized entry. While this methodology works well to prevent thefts during non-working hours, it does little to mitigate incidents of theft during normal working hours of the day.

Video surveillance systems provide a very good means to track and record all activity within an office complex. If the security command and control center is manned, security personnel can immediately respond to any aberrant or criminal activity that has occurred. Even if the system is unmanned as in many facilities, it can still act as an effective deterrent to theft as well as become a powerful investigative tool after an incident has already occurred.

Proactive security measures are one of the most overlooked methods used to mitigate theft. A simple set of corporate security policies and procedures can be implemented as a protective measure. These may include: having all visitors escorted by a responsible employee any time they are within company office space, performing more comprehensive background investigations on prospective employees, keeping better records regarding the assigning of laptop computers to individual employees, instituting a policy of having all packages searched upon leaving the corporate facility and having security personnel maintain a log cataloging the model and serial number of every laptop computer exiting the facility along with the corresponding name of the employee or visitor. While the latter is likely to be considered a bit Draconian and may be met with some stiff employee resistance, it most assuredly will result in a measurable decrease in company laptop computer losses.

These innovative products and proactive measures should be regarded as important aspects to any comprehensive security system. Corporate security directors and facility managers should consider all or some of these when developing their overall corporate security protection plan.

SIDEBAR: Software Benefits

• Ability to work behind firewalls

• Compatibility with all email systems

• Compatibility with dial-up networking

• Compatibility with all anti-virus programs

• Secure 128-bit encryption of the message text

prevents plain text from being transmitted

through cyberspace

__

Some very innovative and

inexpensive products provide a higher level of protection for PCs.

Did you enjoy this article? Click here to subscribe to Security Magazine. 

You must login or register in order to post a comment.

Multimedia

Videos

Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.

Podcasts

Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

Security Magazine 2014 September cover

2014 October

Security takes a look at safety and preparedness for the harshest of weather phenomena in this October 2014 edition of the magazine. Also, we investigate supply chain security and the many benefits of PSIM. 

Table Of Contents Subscribe

Travel & the Ebola Risk

Are you and your enterprise restricting travel due to Ebola risks?
View Results Poll Archive

THE SECURITY STORE

comptiahighriseproductphoto
CompTIA Security+ Certification Study Guide
CompTIA's Security+ certification is a globally-recognized, vendor neutral exam that has helped over 60,000 IT professionals reach further and higher in their careers. The current Security+ exam (SY0-201) focuses more on being able to deal with security issues rather than just identifying them.
More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.

STAY CONNECTED

Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.