MyLaptopGPS

Researchers at Carnegie Mellon University related in their September study that breach-notification laws have only reduced identity theft by about 2%. This is a pretty alarming statistic, considering more than 40 states have adopted the law. Now, Nevada legislation is working to nudge that statistic up a bit with its newly enforced data encryption law.

According to Ben Worthen’s article in the Wall Street Journal, Nevada is the first state (Michigan, Massachusetts and Washington plan to follow suit) to adopt laws that will force businesses “to revamp the way they protect customer data.” The law requires all businesses to encrypt personally identifiable customer data that are transmitted electronically.

However, this law does not just affect Nevada businesses. It spiderwebs out to all out-of-state companies with operations or customers in the state. National Life Group, based in Montpelier, Vermont, is one of thousands of companies that are scrutinizing the new law. Information Security Officer Andrew Spiers told WSJ, “We do business in all 50 states so we’re definitely reviewing [the new security laws].”

Though some companies are frowning upon this addition — which is going to be quite costly (especially in the country’s current financial crisis) –others are nodding to the money that this new law will save them in legal fees. The law dictates that all companies with the encryption in use are only liable for up to $1,000 in damages to each customer involved in a data breach. Without encryption, companies are liable for any potential lawsuits, including the added charge of negligence since they failed to cooperate with the newly passed law. In the long run, having the new data encryption can save billions of dollars in legal fees, though up front it will be slightly costly.

The Massachusetts state government estimates that a business with 10 employees will need to spend up to $3,000 starting out, and another $500 a month to comply with the encryption law. Larger companies assess costs to be the same per employee.

While they’re still on the data security subject, it would be wise to add a service like the laptop tracking provided by MyLaptopGPS — because despite encryption policies, laptops will inevitably be stolen. It’s better to have the encrypted data back in the right hands than floating around cyberspace somewhere with no way to recover it.

So, Nevada… think about that little addition.

With the United States facing a financial slump rivaling that of the Great Depression, it comes as no surprise that US citizens have little interest in what’s going on up north. However, up in Montreal, there’s another situation altogether.

In late September, National Bank of Canada reported a laptop that had been stolen. In the Reuters article written by Lynne Olver, the bank’s head office commented that “the risk of fraud or identity theft was ‘minimal.’”

Later in the article, Denis Dube –spokesman for the bank– said names, addresses, and bank reference numbers for its mortgage customers were in the database on the laptop, though the bank declined to mention exactly how many clients are affected.

As the sixth largest bank in Canada, they’ve got a bit of informing to do. The bank claimed it would “protect clients by informing them quickly about the event.” The bank suggested that clients report unauthorized transactions in accounts, and promised that any damages would be compensated if necessary.

Fortunately, according to Dube, no personal data such as social insurance numbers (equivalent to the US’s Social Security program) or credit information were stored on the laptop.

Regardless of the so-called “minimal” risk of fraud and identity theft, it’s amazing how easily any technologically adept individual could access the laptop and the files. And with important information such as bank reference numbers at stake, it’s highly unlikely that this theft was merely a random crime.

The National Bank of Canada could have avoided this upset altogether with proper security measures. The simple registration of any laptop online at the MyLaptopGPS website ensures the protection of secure files like bank reference numbers.

Well, maybe next time, eh?

Children are inherently innocent, and it follows that we should do as much as possible to protect them from worldly evils. But when their names, addresses, birth dates, phone numbers, and holiday plans can be accessed by complete strangers, it seems we are doing them an injustice.

A laptop containing data of 250 children, all applicants for the new BBC series Gastronauts, was stolen from a car in an Ikea parking lot in early August. Objective Productions, the third-party production company working for the BBC, possessed the laptop at the time of the theft, and both the BBC and Objective Productions are taking care to ensure that the children’s sensitive data is not currently at risk.

In an article published in Computer World UK, Objective Productions comments, “The theft was from a car in an Ikea car park,” and refuses to comment any further.

Contrarily, the BBC, who is taking the incident very seriously, released a statement to the parents of the Gastronaut applicants saying, “There is absolutely no evidence this data has been misused [...] Since this happened, CBBC suspended new commissions and carried out a comprehensive review of Objectives’ practices and we are now satisfied security of data is strong enough for production to resume.”

Security Analyst for McAfee Greg Day highlights that while minute information like holiday time may seem insignificant, “to a criminal this can offer a great opportunity to target this person and their home.”

Though the BBC assures that the data on the stolen laptop has not been accessed, still there is considerable risk–especially to the children who can neither prevent nor protect themselves from criminal activity without adult help. Laptop theft security helps ensure that these kids, or anyone at all, don’t have to look over their shoulders on holiday.

Almost 14,000 people — the size of a small American town — today may be susceptible to identity theft due to a single robbery of a laptop computer.

Rochester Institute of Technology discovered that on August 25, a laptop containing the names, Social Security numbers, and birth dates of nearly 14,000 people had been stolen from an office of the National Technical Institute for the Deaf.

Information dating back to 1968 on these individuals is currently in the hands of an unknown party. In a media statement reported by the DemocratandChronicle.com, RIT Chief Communications Officer Bob Finnerty claims, “We don’t know if that information has been accessed or not,” and went on to suggest that all individuals affected by the theft contact a major credit bureau and place a fraud alert on their credit file.

Finnerty also notes that RIT consistently reviews and updates their security, and that the processes are currently being analyzed to see if and how they can be improved.

The irony, though, is that these nearly 14,000 people would have been spared the time and drudgery of calling credit bureaus and checking credit scores — would have experienced none of the anxiety attributed to potential identity theft — if RIT’s mobile computer had been equipped with laptop tracking security technology such as that provided by MyLaptopGPS.

One incident of identity theft surely should be enough to encourage protection, but certainly, almost 14,000 victims’ possible screams mean change ought to be in order. Any such screams, after all, should be heeded.

Imagine the following:

Traveling on business, you visit a trendy café at the airport. There’s work to do, and you might as well complete it during the two hour–long layover. After purchasing that frothy frozen drink and tipping the counter attendant, you score the perfect spot, a booth by the window. As you power on, however, you realize that you forgot a napkin, which you’ll need for that frothy frozen drink. So you walk to the counter to fetch one while your machine idles. Less than 10 seconds later, you return to an empty table. To your horror, a thief has stolen your computer. But it’s not even your computer, really; it’s the company’s, and it contains unencrypted payroll data, including Social Security numbers and other identifying information, on your employer’s 11,000 employees.

Welcome to the MyLaptopGPS blog on laptop computer security. The scenario you just read happens every day. In fact, research from Ponemon Institute reveals that nearly 640,000 laptop computers go missing at U.S. airports each year. This translates to 12,000 per week. It’s happening across the pond, too: Nearly 1,000 laptop computers go missing every week at London’s Heathrow Airport alone, Ponemon researchers also find.

What happens at the rest of the world’s airports? Surely they add untold thousands to these numbers. Furthermore, 47 percent of these mobile machines store client, customer or consumer data. And guess what? Sixty-five percent of business travelers do not take steps to protect the confidential or sensitive information contained on their laptops when traveling on business.

In other words, in the hands of competent identity thieves, these machines are goldmines.

Between airports and everything else, laptop theft marches on at a breakneck clip. Click here for our continually updating chronicle of the highest-profile thefts. Looking at the costs associated with these high-profile thefts, our Realtime Estimated Damage Index (REDI™) has already tallied nearly $400 million this year, and our conservative extrapolation of the REDI—to include the not-so-high-profile incidents—projects the price tag for laptop theft to be somewhere in the vicinity of $1 billion by the end of 2008.

That’s a lot of money. Obviously, the situation would be dire without protection for laptop computers. And far too many individuals and organizations fail to install any kind of anti-theft technology on their laptop computer.

But we at MyLaptopGPS are on a mission to change that. In our minds, the way to do so is through awareness—awareness of just how widespread laptop theft has become, and awareness of just how simple and affordable laptop security can be.

After all, we’ve developed a highly effective way for individuals and organizations alike not only to track their stolen laptop computers, but also to retrieve and delete important data from them even as the machines are in thieves’ hands. And we also help organizations to inventory and tag entire fleets of not only laptop computers, but also any other kind of mobile computing device.

Internet-based GPS underpins our service—and it’s an inexpensive service at that, far eclipsed by the potentially catastrophic hit to the finances that comes with just one lost laptop. Again, think identity thieves, who steal laptop computers not for the hardware, but for the information on them.

Come back to our blog often. We welcome your visits. When it comes to laptop computer theft, we’ll keep you updated on current events, the latest research and more.