Slashdot Mirror

← Back to Stories (view on slashdot.org)

Handling Corporate Laptop Theft Gracefully

Posted by ryuzaki0 on from the it-hurts dept.

Billosaur writes "From NPR, we get a Marketplace story about the theft of corporate laptops and the sensitive data they may contain, specifically how to handle the repercussions. From the story: 'TriWest operates in about 21 states. It's based in Phoenix, Arizona. In December of 2002, somebody broke into the company's offices and stole two computer hard drives.And those hard drives contained the personal information of 550,000 of our customers from privates in the military all the way up to the chairman of the Joint Chiefs of Staff.' How they handled the situation earned them an award from the Public Relations Society of America."

2 of 197 comments (clear)

  1. Encryption? Priceless. by mythosaz · · Score: 5, Interesting

    I work as the senior engineer for the desktop engineering department of a large west-coast healthcare organization with over 20,000 PCs.

    Not only do we encrypt EVERY laptop, regardless of if we think it contains PHI; theft of desktop equipment has prompted us to encrypt EVERY desktop, regardless of if we think it may contain PHI. We also encrypt and monitor every PDA (including phones with sync).

    The software: Millions of dollars.
    Support: Millions of dollars.
    Not being sued in California for losing PHI: Priceless.

  2. why is computer-theft still an issue? by schweini · · Score: 5, Interesting

    i fail to see why computer theft is still an issue - even i implemented a relativly simple, yet, as far as i can see, 'secure enough' system for these situations:
    all 'interesting' files are inside AES256 encrypted container-files wich are mounted via loop-devices.
    if, for some reason, a server or machine reboots, it asks the next higher server for the password it needs to decrypt itself via an encrypted network connection. if a machine is reported as stolen, the server that has the task of sending the passwords gets advised of this, and simply wont send the corresponding password anymore. the peak of this pyramid of trusted machines is an off-site server far, far away. thus, if the hierarchy is broken (e.g. by computer theft) anywhere along the way, it's a matter of seconds to render all information contained on the stolen machine completly useless.
    if i came up with this, surely the admins of REALLY important data can?