MyLaptopGPS

In another standard incident, Oregon Health and Science University reveals that one of its doctors had a laptop stolen from her car parked in front of her house.  OHSU says that the information on the laptop was “password protected” and was limited.

“The information included patient names, treatment dates, short medical treatment summaries and medical record numbers. No home addresses, billing information and Social Security numbers were stored on the laptop.” Or, so says the report.

Here are our standard elements:

1. The laptop was stolen from a parked car.
2. The breaching organization says that the information was “password protected,” insinuating that that constitutes some bona fide protection.
3. The breaching organization claims ID theft is unlikely.

All of these are standard boilerplate for such a breach, but there’s no mention of trackability, remote data deletion, or encryption.

For those affected, OHSU says you’re not at much risk. Hopefully that’s a comfort to you. Hopefully.

Since a recent Ponemon Institute study revealed almost 12,000 laptops per week lost or stolen in US airports alone, and that the worst spot for loss/theft is the security checkpoint (no surprise there), it’s worth a tip at that very point.

I have to be careful, since I have previously recommended that folks not carry a laptop bag that is obviously a laptop bag at all–it screams “Laptop inside! Come steal me!”

But as you consider what your travel repertoire will include, take a look at the many “checkpoint friendly” cases out there. The TSA has now allowed certain models to go through the security checkpoint without having to be removed from the bag.

Click here for TSA’s regulations on what can pass right through, effecitve August 16, 2008.

Then, Google for some options. Here’s a sample Google query to get you started.

If you don’t have to stop, remove your laptop, reassemble your entire life’s set of personal effects on the other side, and scramble to your plane, you are much less likely to be one of the distracted victims of laptop theft/loss at the checkpoint. Using a fast, TSA-compliant laptop bag can help that.

If possible, also find a model that doesn’t look like a laptop bag at all! If you find one, let me know and I’ll include it here.

This week’s Rip of the Week actually involves an iPhone, not a laptop. But it was entertaining enough that I couldn’t resist!

A man used some handy applications and services for his iPhone to track a thief down and recover the phone. Read the story at his blog.

One thing to carefully note here is the danger of personally pursuing a thief. Honestly, this man is lucky he wasn’t shot, mugged, or otherwise harmed. I have actually corresponded with some on Twitter who have been assaulted trying to recover property.

Bad idea! Let us do it for you.

Interesting: back on May 27, my Tip of the Week was entitled “Assume Your Employees Ignore You.” I described how employees really pay little attention to company policy, or even actively break it.

Then, two weeks (to the day) later, Ponemon Institute released another superb study, sponsored by IronKey, this time entitled “Trends in Insider Compliance with Data Security Policies” with the following subtitle:

“Employees Evade and Ignore Security Policies”

If you are tempted to accuse me of collusion or conspiracy here, as if I was actually in on the Ponemon study, hold back! I had no involvement and knew nothing of the impending release. What I did know was the truth: employees evade and ignore security policies!

The study is full of juicy statistics that prove this critical, bottom-line fact.

So, this week’s Tip of the Week is to use good technology to “beat” employees. Not physically (I am pretty sure that’s illegal). Rather, defeat them. I hate to foster an adversarial relationship, but if you set policies designed to protect your business, and the employees undermine them, then in the end you need to employ methods to ensure effective protection.

A big piece of the puzzle is to develop good relationships with employees–the study itself even indicates that as employee good-will rises, non-compliance decreases, as we might expect.

But don’t rely on warm fuzzies to protect your critical data. Use unobtrusive technology designed not to be seen, heard, or messed with by employees. MyLaptopGPS is certainly one example, and IronKey’s own products are more examples.

Here’s a fun one for this week’s Rip of the Week. A thief in Boise, Idaho fled from police on a bicycle, with a stolen laptop.

KTVB.com reports that the crook tried to dump the laptop, but no dice. Many thanks to @news4Boise on Twitter for the tip.

It’s good that they nabbed him, and this also diverts one’s mind from the 75,000 more people breached by a stolen laptop from Irish energy company Bord Gáis.

This tip will draw one of two responses from each and every reader.

1. Duh!
2. True, I really should, but…

The first folks–the “duh” crowd–will exclaim that this is just dead obvious. Of course regular, automated backup is absolutely essential, they’ll say. Every one of us is only seconds away from a hard drive crash, spilled coffee, or theft, all of which could toast our data. Duh!

Unfortunately, these “duh” people will be shouted down by the other crowd, which outnumbers them about 20-to-1. These are the masses, the crowded sea of people who never back up. They know they should. They know it’s absolutely foolish not to. But they don’t do it. They think it’s hard. They won’t check it out. They won’t just use Mozy.com or Carbonite or any of the great, simple services. They won’t buy a USB hard drive (external) and at least back up there. They just won’t. And almost everybody, even after all these years and technological advancements (and reliance), still falls into this category.

I read story, after story, after story of stolen laptops, where the data lost is completely irreplaceable. Photos of lost loved ones. Childhood photos. Documents. Emails. Memories.

Sure, MyLaptopGPS can recover those, even after the theft. But what about a hard drive crash? There a million ways to lose data, and they’re very, very common.

Back up. Stop making excuses. It’s easy. The alternative is devastating.

In yet another verse out of the same, long song, “Virginia Commonwealth University is notifying 17,214 current and former students of a security breach that may have exposed their Social Security numbers.”

The data were breached on a stolen computer, though the article doesn’t make clear whether the machine was a laptop or a desktop. In any case, it was:

1. Unencrypted
2. Not trackable
3. Not SafeTagged

Surprised?

Additionally, “an additional 22,500 students are being notified that their names and test scores may have also been on the computer. No Social Security numbers were recorded with those names, but computer-generated student ID numbers may have been.”

Security matters.

I’ll need to directly address one of the three most common myths I encounter.

The myth: “I don’t have any sensitive data on my laptop.”

Some businesses and individuals are, thankfully, quick to admit that when their laptops go missing, they’ll be in a world of hurt (and not because of the hardware).

But it’s amazing how many people will say “I don’t really have anything sensitive on my laptop.” Even businesspeople say this!

In response, I have very often offered The Bet. The Bet is simple. I will pay $1,000 for one day alone with the laptop. The catch? I get to post anything and everything I find, right here on my blog, and anywhere else on the Internet I choose. I am not liable for any ramifications of this action.

No worries, right? After all, there’s nothing sensitive or private, or even of interest, on the laptop. So, no worries! Just let me take a days’ gander and post my findings.

So far I’ve never had one single taker.

Stop denying that your laptop has all kinds of information on it that you don’t want others to have. From email to photos to settings to browser histories to documents, it’s a treasure trove–even if you don’t have 1,000,000 social security numbers on it.