These costs include

• downtime with loss of productivity
• obtaining and setting up a replacement laptop
• reinstallation of lost data

Potentially serious issues include loss of personal, commercial, sensitive or unique information.

Laptops are often stolen to provide a quick financial gain to the offender.   Increasingly, some laptops are targeted because of the potential information held on them.   This can then be used to gain financial reward from either the owner of the information or an opposition company.   The release of this information could affect reputation, cause embarrassment or have a significant financial effect on the company.

Laptops are stolen from both the office location as well as targeted when traveling away from the office.

Office security

When thinking about the security of your laptops and office computers first consider your physical security (How is a potential offender deterred, detected, delayed and denied). The protective security measures at the office must be effective.

• Ideally laptops should not be visible from outside the building; particular attention should be paid to the ground floor areas
• Desks on which laptops sit must be fitted with a cable locking device. Refer: www.davko.co.nz or www.expansys.co.nz

 Overnight or when away from the laptop for a period of time, lock the laptop into a secure and robust cabinet or if one is not available secure the laptop with a cable locking device and lock the door to your office.

Outside the Office
The majority of laptops are stolen from vehicles. On many occasions user irresponsibility is the main problem.

However, a growing number of thieves identify potential 'targets’ from signs within the vehicle. For instance a suit jacket draped over the seat back indicates that a vehicle is owned by a business person and that the likelihood of a laptop, cell phone, digital camera or other high value item being in the vehicle is high.

• Do not leave a laptop within view in an unattended vehicle; not even for a few seconds (i.e. at service stations, post offices, cafes)
• Never leave a laptop in a vehicle overnight
• Install a proprietary made robust steel cabinet in the boots of vehicles that regularly transport laptops or that may transport laptops holding sensitive or unique information
• Laptops left in vehicles should be turned off (do not leave in hibernate mode), concerns are growing that technically minded offenders are able to scan a vehicle in order to identify signals from laptops that are still on.

Check your car for signs that indicate that technological equipment may be inside

User responsibility
Educating the users of laptops is one of the most important factors in reducing laptop theft. Some companies have well developed policies that include 'laptop user agreements’ which state the user requirements, responsibilities and consequences.

Users should have the risks associated with laptop theft explained to them and be required to sign an agreement that requires them to adhere to company policies and procedures.

Users should also be informed of the need to maintain security of information held on the laptop and how to prevent physical damage from heat, liquids, magnets, and general usage.

Policies and Procedures
A set of policies and procedures should be set up that reflects the level of security required within the company as well as the need to have laptops taken from the office to outside locations.

These policies and procedures provide the basis for staff education, a clearly definable practice which staff need to comply with as well as a management tool to ensure compliance standards within the organisation.

An example of a very comprehensive laptop security policy is at the University of Auckland.
Refer: http://www.auckland.ac.nz/security/LaptopSecurityPolicy.htm

Many businesses have a computer back up procedure that does NOT remove the back up discs off site. This leaves the business in a dangerous position when it comes to recovery following a fire or other emergency.

Backing up your key files in most businesses needs to be done at least once per week. Ideally you carry the disc home or delegate the task to the staff member who completes the back up – ask her to carry the back up disc in her handbag.

You also need to ensure that your software can be resurrected by your IT support supplier, and/or you need to keep a restoration set of software CD’s at home. We find many cases where the back up will not operate on the latest version of software with the older version [that you are using] no longer commercially available.

You should test the back up disc on a regular programme to ensure it is saving what you want it to. It is too late once the fire has been through the business to discover there are serious gaps in your back up programme.

You should annually review and test your existing computer file back up procedures.
 
P.S. Do not forget to back up the boss’s lap top!

KEEPING YOUR EMAIL SYSTEM FULLY OPERATIONAL AND END USERS CONFIDENT

What do I need to be worried about?

• The continuing evolution of Spam
• Blended Threats
• Botnets link to http://en.wikipedia.org/wiki/Botnet and Malware  link to http://en.wikipedia.org/wiki/Malware
  
  
• Other email gateway attacks

What can I do about it?

• DETECT and BLOCK ASAP.
• Ensure your antivirus system is completely up to date with regular scans of your system set up.
  
  
• Make sure you or the designated staff member is kept abreast of all new threats and ensure staff is regularly reminded of these threats and what course of action to take to keep your system free of malware.
  
  
• Keep these tools easy for staff to use.
• Consider installing a different anti virus product on your server from your PCs.
• Check what measures are in place on your website to control incoming web content, traffic etc.

The future?

Botnets are the major problem as prime distributors of spam with the distinction being more blurred between spam and malware with spam being used to advertise and spread threats.  There are and will continue to be cat and mouse games between spammers and anti spammers.  Newer spammer tricks include attaching malware to images and pdf files.

BIOMETRIC SECURITY

Biometrics – the biological form of both identification and verification is considered the most convenient form of identification.  There is no need to remember passwords or have swipe cards to enter premises. It is now becoming more cost effective and more commonly used in SME’s.

Uses for Biometrics in terms of business include:

• Time and attendance recording
• Access controls to securer areas within your business
• Access to photocopiers

Types of Biometrics in use

• Fingerprint – easy, low cost, flexible, compatible with Windows and Novell Operating systems.
• Face recognition – 3D or 2D, digital cameras & special software - lighting conditions
• Iris – highly accurate
• Voice, palm vein and hand geometry

Where and why would you use it

• Passwords are typically increasing in numbers and the requirement to be more complicated therefore people are more likely to write them down
  
  
• Cards can get lost or stolen
  
  
• It gives high levels of confidence in confirming physical attributes to an individual but it must be mentioned that it will not determine state of mind of the individual.

Is there a business case?

Consider three key areas

• security, productivity and financial return on investment

Biometric Spoofing

• likely to occur as systems become more popular but biometric systems are being made much stronger too.
  
  

Acknowledgements:
Security Software - address by Bradley Anstis, VP Products
Breakthroughs - address by Ross Morley Border Security Executive, Unisys Asia Pacific
EMA Seminar 4/11/2007

Printed from the GETBA Website www.getba.org.nz
on