Forgot your password?
typodupeerror

Handling Corporate Laptop Theft Gracefully 197

Posted by Zonk
from the it-hurts dept.
Billosaur writes "From NPR, we get a Marketplace story about the theft of corporate laptops and the sensitive data they may contain, specifically how to handle the repercussions. From the story: 'TriWest operates in about 21 states. It's based in Phoenix, Arizona. In December of 2002, somebody broke into the company's offices and stole two computer hard drives.And those hard drives contained the personal information of 550,000 of our customers from privates in the military all the way up to the chairman of the Joint Chiefs of Staff.' How they handled the situation earned them an award from the Public Relations Society of America."
This discussion has been archived. No new comments can be posted.

Handling Corporate Laptop Theft Gracefully

Comments Filter:
  • by suso (153703) * on Friday May 12, 2006 @03:00PM (#15320206) Homepage Journal

    Tip 1: When you make your get away, float above the carpet like a feather caught in the wind.
    Tip 2: If you encounter security or other obstacles, aim for the biscuits.
    Tip 3: Make sure you check the laptop for any homing devices that will help them track you down.
    Tip 4: The password is usually the username with 123 at the end or the their children's ages.
    Tip 5: Get the evidence out of your hands as quickly as possible to beat the feds.
    Tip 6: Relax and enjoy reading the next day's headlines on Slashdot about stolen private information.

  • by GillBates0 (664202) on Friday May 12, 2006 @03:10PM (#15320290) Homepage Journal
    How they handled the situation earned them an award from the Public Relations Society of America.

    You mean they handled the situation (and the laptop) with a single three-fingered hand [publicradio.org]? That is quite impressive.

    Creepy though.

  • Explosives (Score:5, Funny)

    by Infernal Device (865066) on Friday May 12, 2006 @03:20PM (#15320365)
    All laptops with sensitive information should be equipped with a remote detonation device and 10 grams of C4.

    Not to stop the criminals.

    For the entertainment value ...
  • by Doc Ruby (173196) on Friday May 12, 2006 @03:39PM (#15320549) Homepage Journal
    Moderation -1
        100% Troll

    I guess the PR of the Year Award comes with a free subscription to AsTrollTurf Inc.
  • by MarkusQ (450076) on Friday May 12, 2006 @03:43PM (#15320578) Journal

    There's very little you can do after the fact (though the C4 idea above was cute). The key is to do what somewhere I once worked did: make sure that there are effective corporate policies in place long before hand to make sure that laptop thieves don't profit when they get their hands on sensitive information.

    For example:

    • Have policies that make corrupting corporate data easy, but correcting it tedious/impossible.
    • Give different departments "ownership" of different data and encourage them to distribute it to people who need it via e-mail (hand copied from the application), screen shots, or exported spreadsheets that do not correctly propagate column names.
    • Encourage employees to edit the e-mails to produce versions of the data that they think are more accurate, and distribute them with names like "New (revised) revision of Q4 draft data dump--updated, with corrections by MQR for some of the errors introduced by BC in Q3"
    • Have data retention policies that assure that every laptop has at least twenty such interpretations of any key data on it at any time.
    • Prevent the addition of new columns to databases, and instead encourage users to reuse existing columns (Title, Address_line_2, Retirement_date, ROI_projection, Collateral_damage, NSA_contact_name etc.) that are otherwise underutilized.
    • Make test data by permuting fields (and words/digits within fields) between rows of live data. Do not clearly distinguish live data from test data, to assure that some of these will end up on laptops as well.

    With a few simple precautions like these, you can be sure that the bad guys may steal the laptop, and the data, but they won't have any more idea what to do with it than you do.

    --MarkusQ

  • by zakezuke (229119) on Friday May 12, 2006 @03:44PM (#15320591)
    I think we all know that the real question here is, in a straight, clean fight, who wins, Airwolf or Bluethunder?.

    Remember kids

    Red Dawn + Bluethunder = Purple Rain

  • by Beryllium Sphere(tm) (193358) on Friday May 12, 2006 @05:39PM (#15321561) Homepage Journal
    >How close to perfect do you have to get to be good enough?

    XOR the data with itself. Since the key is the same length as the data, cryptanalytic attacks don't apply. Anyone who doesn't have the data, by definition, doesn't have the key. The ciphertext contains no clues to the plaintext and, in contrast to most crypto systems, is highly compressible. An additional convenience is that you can generate the ciphertext from one of the standard special devices without even needing the plaintext.

    Some might argue that this is a lossy process, but you can always XOR the ciphertext with the key and get back your original data.

    Pretty perfect, huh?

    (yes of course I'm kidding)

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (4) How many times do we have to tell you, "No prior art!"

Working...