Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!

Data Hardly Ever Dies

February 1, 2007

Flight delays, missed connections and lost luggage have become the standard inconveniences of business travel. Now, on top of these travel horrors, unsuspecting road warriors are facing a new danger: data thieves. These thieves lurk wherever chaos provides cover like airports, hotels and convention centers.

According to a recent survey, one in every ten laptops will be stolen during its lifetime.

For data thieves, a pilfered laptop is as good as gold. The laptop, software included, will fetch about $1,000 on the black market, chump change for an ambitious crook. The real value of the machine lies in the data stored within.

You see, electronic data does not die – it lives on in removable storage devices, lost or discarded hard drives, on CDs and in e-mail. Think of the information that your corporate executives have stored on their work-issued mobile devices. When you take into consideration the intellectual property, customer lists and financial details, it comes as no surprise that a typical laptop contains data worth between one and five million dollars on the black market.

Finding an interested buyer for this pirated data requires little more than an Internet hookup and a bit of technical savvy. The Web is a virtual bazaar for all manner of illicit products, from mass-market goods to those that are highly specialized. Not only will the thief find a buyer, but the Internet practically guarantees that the parties in this illegal transaction will remain anonymous.

Most of the public attention on the repercussions of data theft has focused on the potential damage to consumers. The Privacy Rights Clearinghouse, which as its name implies, tracks cases of privacy breaches, reported in 2006 that more than 93 million individuals had their personal data exposed as a result of a data breach.

Of equal concern should be the injury suffered to individual organizations in the wake of these breaches. What if the data stored on a stolen laptop was to find its way into the hands of an unscrupulous competitor? How would your company’s customers feel about your organization if you could not adequately protect their personal details? Once lost, corporate reputation is exceedingly difficult to rebuild.

In addition, failing to adequately protect electronic data is against the law in many states. A California law requires that any company or individual doing business in the state must notify any resident whose unencrypted data has been lost or stolen. Similar laws have been signed in more than three dozen other states and federal legislation is pending. Some of these laws carry stiff penalties – as high as $10,000 a day – for failure to notify affected consumers.

Hard disk encryption is an inexpensive and readily available way to protect laptops against thieves. With encryption, organizations can maintain control of electronic records no matter their location. They can be secure in the knowledge that this sensitive information is protected from thieves and available only to company-sanctioned employees.

Leaving your company’s data vulnerable to thieves is unnecessary and potentially illegal. We know that the chaos of a typical travel environment provides data thieves with ample opportunities. Hard disk encryption leaves them empty-handed.

About the Source

Warren Smith is with San Francisco-based GuardianEdge Technologies (www.guardianedge.com). He can be reached via email at wsmith@guardianedge.com. The U.S. Department of Veterans Affairs (VA) recently selected his firm’s encryption product after a laptop theft threatened the privacy of some 26.5 million veterans.

Software-based vaults protect enterprise data when workers are away from the office, even if the computer is lost or stolen. Such an approach can be automatically deployed enterprise-wide. Photo courtesy of Rocket Software

SIDEBAR 1: Put that Data in a Vault

Like many organizations, UNICCO Service Company, one of the country's largest facilities services firms, has become increasingly reliant on laptop computers and mobile storage devices. As a result, the Boston-based company needed to take steps to secure its data on thousands of devices so that the information would be secure even in the event of theft or loss. To solve this problem, UNICCO turned to a vault approach (Rocket Software's Mobile Security Suite), which creates computer-based lockboxes that can be accessed by authorized users but are invisible to everyone else.

  "One of the reasons we chose (this approach) is that all of the protection features can be centrally managed," said Bill Jenkins, senior IT director at UNICCO. "More than 70 percent of our workforce is mobile, meaning that they are frequently taking their computers out of the office. Every person that has a laptop in the company may also have a memory stick, so that's also a crucial area of interest for us. Obviously there is a huge potential for loss, so we are committed to protecting that information as well as data stored on laptop computers."

Think Beyond the Laptop ‘Box’

Enterprise security is a growing concern in today’s ultra-mobile business world; yet the focus has been primarily on laptops as the mobile extension of office PCs.

The fact is, mobile devices are quickly replacing even the laptop as the corporate PC is on the move. Be it a BlackBerry, Treo or other smartphone, these devices – complete with e-mail, office productivity, Internet and even mobile commerce applications – are today’s equivalent of yesterday’s PCs. What that means for security is that the de facto standard for computers has now become of critical importance for mobile devices.

Though the impact of a major mobile attack has not yet been realized, there have been enough hints of things to come to warrant taking a closer look at protecting these devices – and the corporate networks to which they are tied. A recent hacker conference spotlighted “BBProxy,” a BlackBerry security tool armed with a major vulnerability: the ability to open an entry point to a BlackBerry from an unrelated external source, such as a laptop – and from there, directly into the enterprise network to which that BlackBerry is connected. Similar exploits could occur via the now-popular Bluetooth wireless standard, particularly in crowded areas such as airports. 

The worst-case scenario of this particular threat is that it can open access to all of the resources to which the infected device has access. In today’s corporate setting, this typically means e-mail, which is the number one function for BlackBerrys and similar devices. We have already seen the damage that PC-based viruses can do by creating a vector of attack into the enterprise e-mail system, whether it’s accessing a company’s e-mail servers or sending out mass e-mail attacks with worms or viruses. If the device has access to more than just e-mail – such as database systems and other proprietary file systems with customer information, passwords, and other sensitive data, the potential for corruption and theft is even greater.

But let’s dial back from the worst-case scenario and think about even the most benign impact such as vulnerability can have: the device being rendered useless. It’s an on-demand type of world in mobile. It’s all about getting e-mails, making calls and accessing files right now, in real time. The moment that access is interrupted, productivity is lost – for the user and for the business itself.

The basic need for productivity is also the reason that security measures must be instituted at the handset level, rather than simply at the network itself. Smartphones have exploded in popularity because they offer total productivity on-the-go. Security measures instituted at the corporate network level, such as restricting or limiting Internet access or downloading capabilities, limit that productivity – and ultimately, the investment in the device. The key to maintaining full functionality is to install anti-virus, message filtering and other protective software directly on the device itself, just as you would on an individual PC. Unlike PC security software, however, mobile security software must carry an extremely light footprint, and should have little to no impact on device performance. Look for software from vendors with specific experience in the mobile security space to avoid made-for-PC solutions that have been “retrofitted” for mobile phones.

The data on the device itself should also be protected in various ways. Here are five action items, which again borrow from the framework of PC security: 
  • Encrypt the data to ensure that unauthorized users cannot access the data even if the device is in their possession.
  • Implement a remote lockdown or erase capability that can be issued as a command from the network server in the event that a device is lost or stolen.
  • Set up a remote backup server to frequently sync with the device and store data that might otherwise be lost if the device goes missing, or its operating system crashes.
  • Institute access control and identity protection measures (passwords, etc.) for sensitive files or applications.
  • Install a firewall on the mobile device to block unauthorized access to the device, its data, and its network connections.


About the Source

George Tuvell, CEO of SMobile Systems, works directly with leading wireless carriers, device manufacturers and enterprises around the world to identify and address mobile security concerns. Contact George at geot@smobilesystems.com or visit www.smobilesystems.com.

Put a lock on those office computer USB ports to control access and reduce leakage. Photo courtesy of PC Guardian

SIDEBAR 2: Protect those Ports

Many chief security executives know that office computers can have “legs” or are vulnerable to “leakage.” That’s why physical anti-theft security products for laptop and desktop computers and peripherals play a significant security role. Enterprise level businesses use them; colleges, universities and healthcare facilities use them.

At the same time, office equipment is getting more sophisticated with read/write CD and DVD burners and USB ports that accommodate flash drives and even hand-sized external hard drives.

Technology is catching up with the new-age threats.

For example, recently introduced USB port security systems (one source, PC Guardian) address the risk to data and networks from data theft, data leakage, viruses and malware by physically blocking USB ports while simultaneously allowing continued use of authorized USB devices.

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Columns
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Business Matters: Data Never Dies

    See More
  • Top 3 Misconceptions About Data After Death - Security Magazine

    Data and the Life Ever After

    See More
  • test

    CISOs are changing their ways amid their toughest environment ever

    See More

Related Products

See More Products
  • The-Complete-Guide-to-Physi.gif

    The Complete Guide to Physical Security

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!