|
The issue of
laptop security within any large organisation is high on the list of priorities
for IT Managers.
Police information indicates that criminals who target laptops are very
organised, planning, monitoring and watching the movements of business
personnel. Laptops are an easy target for thieves, quickly popped into a bag or
under a coat and away! Loss of a laptop could mean loss of critical and
confidential information, causing serious disruption to a business,
embarrassment and financial loss, not to mention the legal implications relating
to the security breach.
Whilst
Managers maintain an inventory of all department laptops and offer simple good
housekeeping advice to employees, such as, never leave a laptop unattended,
don't advertise your laptop, carry it around in a discreet bag, security mark
it, lock it away, use a laptop lockdown device, protect data with passwords and
change them regularly and back up all critical files frequently and routinely,
despite these good intentions, laptop crime is on the increase.
Last
year around 100,000 laptops were stolen from vehicles alone. Add to that figure
the laptops stolen on public transport, from offices and homes and it is easy to
understand that companies claim losses from stolen computers could run as high
as 50,000.
This is
no less of a problem for the Police themselves. The City of London Police
decided two years ago, after several high profile cases relating to the theft of
laptops on trains, to address the problem within their own organisation. Gary
Brailsford, Information Manager in the Technology Unit, based at Wood Street
Police Station, London, was assigned with the task of addressing laptop security
for the force. Gary is responsible for all technical security, as well as
physical security ?door entry systems etc.
Gary
says "We are not too concerned about the loss of the
machine but we do care about the data". Gary wanted a solution that
secured critical data without total encryption, offering scalability and
manageability, which was simple to deploy. Performance was also an issue and he
needed to enforce the usage of the encrypted drive, so it had to be easy for
users. Gary evaluated separate software and physical security options, which he
decided were too complicated, before purchasing KeyDrive ll.
KeyDrive
ll combines encryption software with an authentication key, giving the highest
level of security, with ease of use. The software creates an encrypted virtual
drive which can only be viewed by inserting a key, which has been authenticated
with a user PIN at set up, in the laptop USB port. Files can be read, saved,
copied and deleted as with any other drive, but remove the key and it
disappears.
Prior to
implementation, Gary asked the Cyber Crime Team, highly
trained specialists in data recovery, to try to break KeyDrive with
non-destructive testing but they couldn't! They were able to read the
file name of the hidden file, but were unable to access any data.
The
Police have very specific needs for secure, shared information. For
example, the Covert Operations Team shares a laptop, which can be taken by any
member of the team to different locations. Insertion of the key means the
laptop drive can be sequentially shared by all. Gary comments
"there
is always the problem of security vs. accessibility, but KeyDrive gives us the
balance, a high level of security with a user friendly interface. However,
human error is still one of our biggest risks and we need to influence the
culture of staff."
Probably
the most likely scenario is someone loosing the key. Gary can confirm that this
has already happened, however, the routine recovery process was followed and
Gary confirmed that "it was simple".
|
