[funsec] Laptop Lockdown

Richard M. Smith rms at bsf-llc.com
Wed Jun 28 10:41:37 CDT 2006


http://online.wsj.com/article/SB115145402822192505.html?mod=technology_featu
red_stories_hs
 

Laptop Lockdown

Companies Start Holding Employees
Responsible for Security
Of Portable Devices They Use for Work
By M.P. MCQUEEN
June 28, 2006; Page D1


The burden of lugging around laptop computers for work around the clock is
getting heavier as companies place more of the responsibility of guarding
against theft and other security lapses on their employees.

A number of companies, including Aetna
<http://online.wsj.com/quotes/main.html?type=djn&symbol=aet>  Inc., Fidelity
Investments and the U.S. unit of ING
<http://online.wsj.com/quotes/main.html?type=djn&symbol=ing> Groep NV, are
revising their policies about how employees should handle confidential data
stored on computers. Many employees are facing new restrictions on who can
take confidential records out of the office and are receiving special
training on how to keep data secure. Workers found violating security
policies are being disciplined, or even dismissed.

Boeing <http://online.wsj.com/quotes/main.html?type=djn&symbol=ba>  Co. now
requires laptops to be physically locked with a cable to a stationary object
at all times, whether they are in offices, conference rooms or a car, so
that no one can walk away with them. The aerospace giant has stepped up
enforcement of a rule that confidential data must be accessed only on
company servers, not stored on laptops. Boeing officials have started
conducting random audits of laptops to check for unauthorized or unsecured
files.

Some companies, including Aetna, the big health insurer, have begun telling
employees that they can't use their own portable digital assistants such as
Palm Pilots and BlackBerrys on company computers without permission. Other
companies are disabling extra USB connections on workplace computers to make
sure employees can't attach those accessories. And some even ban MP3 players
in the workplace, security experts say. All these devices may lack
encryption, and can be used to smuggle out confidential data.

"Employees are the weakest link" in securing data, says Jon Oltsik, senior
analyst for information security at Enterprise Strategy Group, an
information-technology industry analysis firm.

Before traveling on business, Marian Mays, payroll operations manager in
Boeing's Seattle office, has started having her laptop examined by the
company's security personnel to make sure she doesn't have any sensitive
data stored on it. Once she is on the road, logging on to the company's
server requires multiple passwords. "You just have to deal with it," she
says. "We get creative with the passwords."

...

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://linuxbox.org/pipermail/funsec/attachments/20060628/969d26ec/attachment.html


More information about the funsec mailing list