Data destruction: taking laptop security beyond passwords, encryption.

• Author: Roberson, Cam

For some time, you've been reading about the risks of data exposure. And while we believe that businesses have gained the upper hand in dealing with hackers, a new threat is emerging--lost or stolen PCs, specifically laptop computers.

According to research firm IDC, as much as 60 percent of corporate data resides unprotected on desktop and laptop computers. Client information, intellectual property, customer identity files, financial plans and other sensitive information are just one misstep away from compromise.

And according to a CSI/FBI survey, one in 10 laptops will be stolen. Of these, less than 3 percent will be recovered.

The potential cost of even a single lost PC, including negative publicity, regulatory non-compliance and legal liability can be staggering.

State and federal lawmakers have stepped in with legislation to better protect personal identity information, including the California Security Breach Act (SB 1386), which mandates a business that owns or licenses electronic personal information must disclose any security breach of the system to any resident of California whose personal information was, or reasonably believed to have been, acquired by an unauthorized person.

Other federal legislation includes the Health Insurance Portability & Accountability Act; the Financial Modernization Act of 1999, popularly know as the Gramm-Leachy-Bliley Act; the Fair and Accurate Credit Transactions Act of 2003; and the Sarbanes-Oxley Act.

Clearly, companies must take absolute care to ensure data security. But where to begin?

IT professionals have stressed the use of strong passwords, data encryption, tokens (a portable user authentication device that is usually read or plugged into the computer), biometrics and data backup plans.

However, security measures such as strong passwords too often rely upon the end-user for efficacy. Users routinely select passwords that are easy to remember--birthdates, children's names or other personal information--so they can access their computer quickly. While easy to remember, these passwords also are easily cracked via multiple means.

But laptop security is moving to the next level, from a system that relies on the user for security to one that puts controls in the hands of the business.

DATA DESTRUCTION

An emerging data protection plan is data destruction--software that can reach out and eliminate data from a computer after the business has lost the device.

Data destruction provides an absolute, final...