Security Basics mailing list archives

Re: stolen laptop


From: "Kjetil Dahl-Hansen" <kjetil.dahlhansen () gmail com>
Date: Wed, 11 Apr 2007 19:21:40 +0100

Off the top of my head,

Mainly, try to build an inventory of any information that was kept on
the laptop, as detailed as possible. The outcome of this will go a
long way to suggest next actions:
- Did it contain any sensitive or confidential data?
- In particular - did the laptop contain any information about your IT
infrastructure at all?
- Any major works-in-progress that should be loaded from backup asap?
- Did the user store any system login details + passwords in unencrypted files?
- (Mostly for the user's own benefit) Did they keep any credit card
details on the laptop?
- Did the user keep any Web-login username/password combinations
stored in Firefox/Explorer that they shouldn't have? (This could be
things like logins to product support pages holding your software
licence details, or an automatic login to sites like Play.com holding
credit card details).
- Any VPN clients that had username/password information autosaved to
networks you care about?
- Any dial-up destinations with username/password information
autosaved, as above?
- Similarly, Wireless access secrets to networks you care about.

You suggest changing the domain password for the user - yes. Do that. Now.

Also, if the PC was built using a standard BIOS and/or local
administrator password that is 'trivial' to crack, change your build
CDs and scripts.

Watching for failed login attempts is something you should (arguably)
always do, if you have the resources.

Make sure that users know that _not telling you when a laptop is
stolen_ is BY FAR a more serious situation than having the laptop
stolen in the first place.

~ Kjetil

On 11 Apr 2007 15:11:57 -0000, security () calowaycrew com
<security () calowaycrew com> wrote:
Hi

I have a laptop policy about where it should/should not be kept, encryption, etc., but what happens if one is stolen?
Change the login password? Check AD for any failed login attempts?

Any checklists much appreciated

Jono


