Product Design Process
Laptop Theft is on the Rise
Laptop and Notebook thefts are on the rise.
The affordability and portability of these devices has led to an increase in their personal and corporate use. In addition, more companies of all sizes are setting up employees in home-based offices, requiring them to be more mobile. The result has been a growth in laptop and notebook security issues in the form of:
The affordability and portability of these devices has led to an increase in their personal and corporate use. In addition, more companies of all sizes are setting up employees in home-based offices, requiring them to be more mobile. The result has been a growth in laptop and notebook security issues in the form of:
- Increased Laptop theft;
- Increased Notebook theft; and
- Increased Mobile data security theft and issues
Laptop Theft Statistics
Laptop Theft Statistics According to the statistics, business travelers lose more than 12,000 laptops per week in U.S. airports and one laptop is stolen every 53 seconds!
According to Safeware Insurance Agency Inc., over 600,000 laptop thefts occur annually, resulting in an estimated $5.4 billion loss of proprietary information.
The FBI notes that 97% of stolen laptops and computers are never recovered.
According to the 2003 Annual Computer Crime and Security Survey, the value of the information in an average notebook is US$250,000.
A 2007 survey by McAfee and Datamonitor notes that a data breach involving personal customer information could cost a company, on average, $268,000 in reporting expenses--even if the data is never used. And one third of the companies surveyed said that a major security breach had the potential to put them out of business entirely.
The fact that laptops are light and portable increases the risk of laptop theft, presenting a number of hardware and software data issues for IT Security Managers everywhere.
According to Safeware Insurance Agency Inc., over 600,000 laptop thefts occur annually, resulting in an estimated $5.4 billion loss of proprietary information.
The FBI notes that 97% of stolen laptops and computers are never recovered.
According to the 2003 Annual Computer Crime and Security Survey, the value of the information in an average notebook is US$250,000.
A 2007 survey by McAfee and Datamonitor notes that a data breach involving personal customer information could cost a company, on average, $268,000 in reporting expenses--even if the data is never used. And one third of the companies surveyed said that a major security breach had the potential to put them out of business entirely.
The fact that laptops are light and portable increases the risk of laptop theft, presenting a number of hardware and software data issues for IT Security Managers everywhere.
How To Secure USB Thumb Drive
The security risks associated with the use of removable storage devices—especially USB thumb drives—keep government IT managers up at night. The US Department of Defense (DOD) had actually banished flash drives and other removable storage devices in November 2008 when it was discovered that the source of a virus spreading through military networks was a USB thumb drive. Last February, DOD lifted its two-year-old ban on flash drives and other removable storage media, but imposed the most draconian restrictions on their use.
Under the department's new rules, only authorized personnel can use portable storage media, and the drives must be government-procured and owned and can only be deployed in mission-critical operations. In addition, users and devices are subject to random audits.
Despite the formidable security risks, USB thumb drives and other removable storage have the undeniable utility of being small, portable and inexpensive. Navy Department chief information officer Robert Carey, head of a DOD "Tiger Team" charged with setting removable-media policy, has acknowledged that USB thumb drives are extremely useful for data transfers between computers, including operating system patches and antivirus updates, especially in constrained areas, such as on the battlefield or aboard ships.
But the USB thumb drive problem extends beyond well beyond DOD. These flash drives "have become ubiquitous," said Karen Scarfone, a computer scientist in the US National Institute of Standards and Technology's computer security division. "I think users tend to think of them as harmless. They don't understand the security risks of using those devices."
USB thumb drive encryption not enough
In the last two years, industry has stepped up to improve the security of flash-drive use, said Scarfone, co-author of NIST's Guide to Storage Encryption Technologies for End User Devices (.pdf) (Special Publication 800-111), which addresses removable-media security issues.
For example, a range of vendors now offer software that provides centrally administered and policy-driven control over access to removable storage media and encryption of the data they contain.
"Any sort of managed solution is going to be preferable in terms of security," she said, adding that fully encrypting the data on the drive is an important step but it has be coupled with an authentication mechanism that restricts access to the data. "If you don't require authentication, the encryption doesn't do any good," she said.
When encrypting the data on a drive, you should also encrypt the file name, said Joseph Balasanti, vice president of marketing for WinMagic Inc., a firm that works with Defense Department agencies on data security. "You could learn a lot about what a file contains simply by the name you give it," he said.
Current best practices for protecting data on portable storage devices embrace full disk encryption plus a key management system, Balasanti said. In addition, "you want to have a central methodology of installing, configuring, deploying and managing these encryption agents," he said. When keys are managed by a server and then synchronized with Active Directory, only authorized users can use portable devices to share data, he said.
The latest software also will let managers "white list" USB flash drives by brand, model and serial number so that only those devices will work on authorized machines, Balasanti said.
Source
Under the department's new rules, only authorized personnel can use portable storage media, and the drives must be government-procured and owned and can only be deployed in mission-critical operations. In addition, users and devices are subject to random audits.
Despite the formidable security risks, USB thumb drives and other removable storage have the undeniable utility of being small, portable and inexpensive. Navy Department chief information officer Robert Carey, head of a DOD "Tiger Team" charged with setting removable-media policy, has acknowledged that USB thumb drives are extremely useful for data transfers between computers, including operating system patches and antivirus updates, especially in constrained areas, such as on the battlefield or aboard ships.
But the USB thumb drive problem extends beyond well beyond DOD. These flash drives "have become ubiquitous," said Karen Scarfone, a computer scientist in the US National Institute of Standards and Technology's computer security division. "I think users tend to think of them as harmless. They don't understand the security risks of using those devices."
USB thumb drive encryption not enough
In the last two years, industry has stepped up to improve the security of flash-drive use, said Scarfone, co-author of NIST's Guide to Storage Encryption Technologies for End User Devices (.pdf) (Special Publication 800-111), which addresses removable-media security issues.
For example, a range of vendors now offer software that provides centrally administered and policy-driven control over access to removable storage media and encryption of the data they contain.
"Any sort of managed solution is going to be preferable in terms of security," she said, adding that fully encrypting the data on the drive is an important step but it has be coupled with an authentication mechanism that restricts access to the data. "If you don't require authentication, the encryption doesn't do any good," she said.
When encrypting the data on a drive, you should also encrypt the file name, said Joseph Balasanti, vice president of marketing for WinMagic Inc., a firm that works with Defense Department agencies on data security. "You could learn a lot about what a file contains simply by the name you give it," he said.
Current best practices for protecting data on portable storage devices embrace full disk encryption plus a key management system, Balasanti said. In addition, "you want to have a central methodology of installing, configuring, deploying and managing these encryption agents," he said. When keys are managed by a server and then synchronized with Active Directory, only authorized users can use portable devices to share data, he said.
The latest software also will let managers "white list" USB flash drives by brand, model and serial number so that only those devices will work on authorized machines, Balasanti said.
Source
Download White Papers
Electronic Product Design Best Practice | |
File Size: | 56 kb |
File Type: |
Best Practices for Managing and Enforcing USB Security | |
File Size: | 313 kb |
File Type: |
Guide to Storage Encryption Technologies for End User Devices | |
File Size: | 285 kb |
File Type: |
USB Drive Security | |
File Size: | 18 kb |
File Type: |
wp_bestpracticesformanagingusbsecurity.pdf | |
File Size: | 883 kb |
File Type: |
Copyright © 2010-2011 Deltagate Technologies Sdn. Bhd. All right reserved.