Big U.S. companies are taking tough measures to shore up laptop security amid a rash of thefts.
The actions of Ernst & Young Fidelity Investments and other highprofile victims underscore the balancing act for executives who must weigh the costs of additional security and customer privacy with the financial benefits of a mobile workforce.
"There is a tradeoff between the cost of security and how much security you actually get" says Robert Seliger CEO of Sentillion a datasecurity company.
About million Americans have been exposed to potential ID theft since February as a result of reported data breaches says the Privacy Rights Clearinghouse. In at least instances a fourth of all reported breaches stolen or missing laptops were involved. Few of the laptops have been recovered.
What companies are doing:
&; Ernst & Young started encrypting or scrambling data on laptops for its person workforce in the USA and Canada after a laptop with personal information on about customers was stolen from an employee's car in February.
&; Fidelity accelerated encryption on thousands of employee laptops. The mutual fund giant was the victim of a laptop breach in March that affected data of current and former HewlettPackard workers. It also is increasing training on laptop security and protection of customer data.
&; Aetna undertook several preventive measures after a laptop containing names addresses and Social Security numbers for members was swiped from an employee's car in April. The insurer had employees reencrypt and recertify files. Every company PC was audited to ensure files were properly encrypted. Aetna also tightened restrictions for storage devices such as thumb drives.
Encryption can be pricey. Gartner estimates a company with customer accounts can spend $ to $ per laptop on data encryption. Yet the cost of a data breach is even higher. Companies with customer accounts will spend at least $ per account if data are compromised or exposed not including fines and lawsuits Gartner says.
Walking off with a laptop is easy. Few have alarms and only a few have encrypted data. People also tend to leave them in unlocked cars or unattended at airports says Keith Burt project director of San Diego's Computer and Technology Crime HighTech Team.
As more people store data in a mobile environment laptops have become more attractive to identity thieves says Bob Egner a marketing executive at security software maker Pointsec Mobile Technologies. Personal information sells on the Internet for about $ per stolen record Egner says.