Thumb your nose at computer theft
1 April 2005
I’ve been ripped off. I’m not talking about paying good money for software that doesn’t work properly or has numerous security faults. Nor the extortionate support and upgrade fees charged to support badly designed and incomplete software. Or about being infected by MyDoom or Netsky, although several lost hours were required to sort out these issues in the last month. Last week I lost a notebook computer.
I’m told that it happens to a lot of people. As usual there are some numbers around that give a rough indication of the miserable company in which I find myself. In the US more than 756,000 computers were stolen in the last two years. The FBI says that a mere 3 per cent of those will ever be recovered. My guess is that Europe is right up there in the league tables with the Yanks on this one, more’s the pity.
Whole lot of thievin’ goin’ on
The 2003 Brigadoon Software Computer Theft Survey, conducted last summer, shed a bit of light on the subject. They say that this survey of 676 global respondents is the first one published that dissected the specifics surrounding the theft of computing devices.
The survey highlights a startling tendency of computers to go walkies. Almost half of the survey respondents (44 per cent) were victims of computer theft in the last 12 months.
Making a bad thing even worse, just 68 per cent of all respondents report they did not have the ability to reconstruct the contents of the missing computer. Most said that they only backed up data weekly, monthly, rarely or never. Tsk! Tsk! Hardly anybody uses encryption. Nearly 9 out of 10 (88 per cent) of the survey’s respondents did not encrypt the proprietary data on their stolen computing device. Adding to the asset loss totals is the time it takes to get back up and running after a computer goes AWOL. Almost three quarters (72.7 per cent) reported downtime due to computer theft ranging from several days to more than one month.
Laissez faire is evidently the rule. Nearly 90 per cent (89.6 per cent) of respondent organisations did not have written guidelines on protecting proprietary information on computing devices while travelling. And 95 per cent said that they do not have written guidelines mandating encryption of proprietary information. I guess that self-fashioning rods for corporate backs continues apace.
Brigadoon sells software that addresses some of these issues so the company isn’t merely on a public-spirited mission for the good of all mankind. But even with several large grains of salt, the size of the problem the survey reveals is stunning.
I lost my notebook by lending it to my daughter for a school project. She left it in her dorm room in her boarding house and it disappeared one evening. Luckily I had removed all sensitive business content before letting it pass over my threshold so I did not face any of the near-business-destroying compromises in downtime or critical data reconstruction – but it still smarts.
So the first thing you can do to minimise the loss is to do what you are supposed to be doing all along – back up! Company policy needs to be fashioned and wedded to IT infrastructure so that it happens with little effort or recollection required by the user. Rather than draconian pour encourager les autres heads on pikes, just make it easier to do than to avoid. Even if you don’t keep a map of the WMD sites in Iraq in your laptop, doing frequent backups and looking after physical security of your computer is common sense, and cheap!
Having assured myself that my insurance coverage did indeed cover the computer when out of the home/office prior to its departure, I was astonished when my claim for a new one under my like for like policy was nonetheless declined. The insurer required that when a computer is taken, a forcible entrance or exit must be shown. That’s a little harsh given that fire laws and schools’ best practice don’t allow locks to be put on study or bedroom doors. My case continues.
However, the lessons for business computer users are there to be learned. Do you have insurance that will really cover loss? If a notebook disappears from a check room at a conference are you covered? You will of course be referred to the sign in the check room that disclaims all responsibility. What if it is removed from an office that isn’t locked up like a bank vault? If your workers are in an open-plan office or cube farm, I’m not sure that you could demonstrate forcible entry or exit.
I worked in an office a couple of years back that had swipe card locks on the sturdy server room door, CCTV and a security officer at the front desk 24×7. Somehow somebody wheeled out a nice collection of Sun boxes early one morning. There was no sign of forcible removal. According to Absolute, another antitheft software supplier, 70 per cent of the solved cases involve an insider so there is that lamentable perspective to consider.
Interestingly, Apple Computers account for a disproportionate share of stolen PCs. Can’t people resist that designer look or user interface? I suspect that it has more to do with the kind of security that is afforded computers that are used by creatives or students and perhaps the higher price that they might fetch in the after market.
Kensington and others make all kinds of cables and locks for securing computers to tables and racks. However, that can certainly compromise the designed-in portability of notebook PCs, to say nothing of the marginal utility of a PDA with a chain around it.
One response to global thievery of computers is a listing of misappropriated property. The burgeoning entries on www.stolencomputers.org are testimony to the scale of the problem. Of course, you would never buy a used computer at a bargain price, but I bet you know a few people that would. I would suggest that at least a portion of the disappearing computer problem is self-inflicted.
Recently mobile phone users have had a potent new weapon to protect those highly portable and desirable personal accessories from a rising tide of theft: when a mobile phone is stolen it can be de-activated so that it won’t work even with a new SIM card installed. It comes free with every new portable and most old ones in use. The coppers love it because it drastically reduces the incentive to rip off phones. A similar dodge is available for computer users, too.
PC phone home
I like the sound of Computrace from Absolute (www.absolute.com). Computrace is delivered either as a software service or as enterprise software that also monitors usage, upgrades, and so forth.
The neat bit is the Computrace Agent, a silent and invisible bit of software that cannot be detected by examining a disk directory or RAM.
Absolute has made it almost impossible to erase it off a hard disk and it can survive a hard drive reformat, fdisk and hard drive repartitioning. The Agent can however be removed by an authorised user with the correct password and installation software, or with a screwdriver. If the disk is taken out, the protection for the computer goes with it.
If the computer is stolen, the next time it is connected to a network or a phone line it will make a discreet call reporting through caller ID or IP address where its new home is. Computrace can also employ other tactics for outing the miscreants, too. The authorities love this stuff! Any help they can get solving more than 3 per cent is a Godsend.
There have been a number of successful recoveries that Absolute crows about on its Web site. It is inexpensive enough to be deployed across a company or for a small business like mine. Whether you broadcast the fact of your using it as a deterrent or keep it quiet as a gotcha, I think that Computrace is worth considering. Ztrace (www.ztrace.com) offers tracing as one element of a system of authentication (passwords) and encryption.
However, as our learned friends may inform, proving that it was yours may be more difficult once the serial number label is peeled off your notebook’s underside.
The problem is even more difficult establishing ownership of the 1s and 0s of proprietary company data. Computerwatermark and its eponymous website will sell for the paltry fee of $15.00 a programme that stamps your identity all over a hard disk so that your ownership is nearly incontrovertible. Once again, it can only be removed by screwdriver.
Let’s hope that computer thieves remain comparatively stupid so that the rate of recovery goes up and the incentive to purloin PCs goes down. And for heaven’s sake, if anybody offers you a svelte Sony Vaio for an unbelievably low price, get in touch.