A Data Loss Lesson Learned The Hard Way

I experienced what felt like a death in the family recently when my own laptop was stolen right from my office, along with all of my work, personal financial data, and most importantly to me, family photos. Being a security analyst, I felt a sense of complicity for not being better prepared for this eventuality. Don't let what happened to me happen to you. You can fight back, and on the cheap...read on.By most estimates, the overwhelming majority of damaging data loss happen via stolen laptops and handheld devices. And yet, most IT shops are egregiously underprepared to respond to the threat of damaging data leakage through asset theft, and that includes my own IT shop.

The first thing that occurred to me after I lost my laptop was that I had no capability to remotely destroy the data on my laptop. For most shops running Blackberry Enterprise Server, you may already be familiar with the ability to send a remote kill signal to a stolen Blackberry in the event of handheld loss.

Larger data-loss prevention (DLP) players often focus on complex content filtering technology, and those vendors do a great job at protecting intellectual property and leakage via various TCP protocols. Unfortunately, those same DLP players often lack a truly robust endpoint security feature that includes remote data destruction. Locking down physical ports is an effective way to prevent leakage, and encryption is an effective way to mitigate data loss, but neither is a full proof strategy for ensuring that when your data does fall into the wrong hands, it can be destroyed.

An effective DLP strategy, especially at small IT shops, does not require a huge capital investment. In fact, for cheap dollars, products such as Absolute Software's LoJack for Laptops provide a means to remotely track physical assets, remotely destroy data, while providing verification of such destruction at the same time for regulatory reporting purposes. Inspice offers a similar capability through its Trace laptop tracking and destruction software. Trace's integrated mapping feature allows you to watch your stolen laptop move from thief to new owner in real time, a sick and twisted form of entertainment for sure.

If you have no DLP strategy right now, consider a true bottom up approach that addresses the biggest threats first, the first of which should include a "LoJack for laptops" type of capability. As I cover various larger scale Data Loss Prevention products through a series of Rolling Reviews in InformationWeek Magazine, along with a detailed Analytics report, I'll use this forum to report back on the tools I'm selecting for my own "mini-DLP" implementation for the InformationWeek Security Labs. I'll also do a series of mini-reviews here if I come across a unique product that warrants a closer look.

If you have a success or failure story to tell about your approach to mitigating data loss via stolen hardware, please share it here.