Handling Corporate Laptop Theft Gracefully

Billosaur writes "From NPR, we get a Marketplace story about the theft of corporate laptops and the sensitive data they may contain, specifically how to handle the repercussions. From the story: 'TriWest operates in about 21 states. It's based in Phoenix, Arizona. In December of 2002, somebody broke into the company's offices and stole two computer hard drives.And those hard drives contained the personal information of 550,000 of our customers from privates in the military all the way up to the chairman of the Joint Chiefs of Staff.' How they handled the situation earned them an award from the Public Relations Society of America."

Encrypt the disks.

[base3]

Then there's no data loss, and thus no ethical or legal obligation to tell anyone, and thus no need to handle getting caught with your pants down gracefully.

Marketplace != NPR

[Palshife]

ARGH. This is the second time this has been done. NPR does not produce or distribute Marketplace. NPR has nothing to do with Marketplace. It's produced by American Public Media. Please get it right. You're even LINKING TO APM!

Re:Worst. Article. Ever.

[ZombieRoboNinja]

FYI, this story was a followup to a longer story about laptop and identity theft. The original story did indeed focus a lot on data encryption.

From the original article:
"This is Jonathan Zittrain, a co-founder of the Berkman Center for Internet and Society at Harvard Law School. He says he's not surprised that all of this information is walking around on portable computers. People want to be productive on the run, he says. But he says there are pretty sure-fire ways to protect sensitive information. Like, encrypting it, or leaving the data on the main server and remotely tunneling through the Internet to work with it."

Way to declare this the "worst article ever" in the same post you brazenly declare you didn't read it, by the way. A bold move, even by Slashdot standards.

Re:Whole Disk Encryption vs. File/Directory

[Foolicious]

Generally, disk encryption is great if a machine is stolen; however, it doesn't offer you any benefits should the machine be compromised following login of the encyption product (generally at boot). Some products have timeout modes kind of like a screensaver where it forces a login to the encrpytion package following a period of inactivity, but basically disk encryption isn't a safe bet for complete safety. For instance, it can do nothing if someone remotes in to the machine or a "rogue" employee accesses the machine after login. This is where content encryption offers benefits. Disk encryption alone is just a hassle for the user (in terms of an extra password to remember) in order to placate suits who want the company's rear end covered, but don't want to spend the money and resources (which can be substantial) on a complete package that would handle both disk and content encryption. Just my 2 cents.

Re:Aack! Just buy a Mac already!

[wyip]

Windows 2000 and XP Pro are able to encrypt files and folders out of the box. You could just encrypt your profile in 'Documents and Settings' for essentially the same effect as Filevault on Mac. Setup the Administrator account as a Data Recovery Agent for the same effect as the File Vault master password. This is what we're doing for the Windows users in our department who won't or can't switch to Mac. (We're actually using this as a temporary solution while we look at PGP)

Re:Encryption? Priceless.

[mythosaz]

Products from Guardian Edge
http://www.guardianedge.com/ [guardianedge.com]

I'm quite pleased with the encryption product itself, but the guys who package their MSIs need shot :)