Businesses tackle laptop theft data security risks

Businesses are using encryption, thin-client and other security technologies to tackle the increasing problem of laptop theft and the associated risk to corporate data.

An exclusive investigation by silicon.com earlier this month revealed a sharp rise in the number of laptops stolen in the UK, while in recent months organisations such as Marks & Spencer, the Metropolitan Police, the Nationwide building society, Serco and Worcestershire County Council have been among those hit by laptop thefts.

Half of silicon.com's 12-strong CIO Jury IT user panel said they are using or planning to use hard disk encryption to protect corporate data on laptops, while the other half said they use other security methods.

Ian Auger, head of IT and communications at ITN, said: "We don't encrypt but we do have technology to remotely erase the hard disk on a stolen machine."

Security from A to Z

Click on the links below to find out more...

A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan (Sven)
K is for Kids
L is for Love Bug
M is for Microsoft
N is for Neologisms
O is for Orange
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for Wi-fi
X is for OS X
Y is for You
Z is for Zero-day

Investment bank Mitsubishi UFJ Securities International also doesn't use encryption but does not allow any data to be stored on the laptop's hard disk.

Graham Yellowley, director of technology services at Mitsubishi UFJ Securities International, said: "The laptop is password protected at boot time and all data is accessed from the servers located at our main site using Citrix as a secure interface to the data."

Others favour the encryption method. Mark Foulsham, head of IT at online insurance company eSure, said: "We have a strict policy regarding laptops. We believe it is one of the devices that has to be well controlled. We have also just introduced fingerprint technology for USB devices and staff are only allowed to use memory sticks provided by the IT department."

Nick Masterson-Jones, IT director at payments body Voca, said: "It's mandatory for all our laptops to have the hard disk encrypted."

But Paul Hopkins, IT director at Newcastle University, said more needs to be done to discourage theft in the first place by improving the capability to track stolen laptops.

He said: "I would love to find a free piece of software which I could offer to put onto all university and student laptops, and smart phones, which would be able to send 'stealth messages' back to a source after the laptop had been stolen. Hopefully the police would then be able to prosecute such people."

Today's CIO Jury was...

Ian Auger, head of IT and communications, ITN
Neil Harvey, head of IT, Food Standards Agency
Mark Foulsham, head of IT, eSure
Paul Hopkins, IT director, Newcastle University
Jane Kimberlin, IT director, Domino's Pizza Nick Masterson-Jones, IT director, Voca
Andy Pepper, director of business IS, Tetley
Jacques Rene, CTO, Ascend Aerospace
Richard Rundle, IT director, BAA
Richard Steel, CIO, London Borough of Newham
David Supple, director of IT, creative services and communications, Ecotec
Graham Yellowley, director of technology services, Mitsubishi UFJ Securities International

Want to be part of silicon.com's CIO Jury and have your say on the hot issues for IT departments? If you are a CIO, CTO, IT director or equivalent at a large or small company in the private or public sector and you want to be part of silicon.com's CIO Jury pool, or you know an IT chief who should be, then drop us a line at editorial@silicon.com