Educause Security Discussion mailing list archives
Re: Stolen Laptops
From: Walter Petruska <wpetruska () USFCA EDU>
Date: Thu, 29 Jul 2010 11:03:21 -0700
And are you requiring the use of cable locks for laptops and computers in public areas? On 7/29/10, Kimberly Heimbrock <heimbrockk () nku edu> wrote:
Thanks to all for your input so far - just a little more background on what we are dealing with at NKU... Over the past 8-9 months we have had a LOT of theft on campus, particularly laptops. Overall, 36 laptops were stolen since last October (that I know of) - likely by an internal staff member who has keys to lots of campus areas and can go around unnoticed at night and on weekends. Our biggest concern has been the data within, not just the equipment. We have been able to prove that sensitive data resided on some of the systems - so yeah we are on the breach reports :-( As several posts have commented, a layered approach will be employed. We just implemented a new policy for all new laptops to be Encrypted with MS Bitlocker, and are considering desktops too. Macs will be using Filevault as soon as we test more completely. We just licensed Identity Finder and will be removing sensitive data - hopefully all over campus if we can get our users to understand that they need to do so. We continue to increase security cameras and electronic locks as budget permits. Usually we are one step behind the thieves! As one advised, we may look into tracking cameras too. We will be investing in some sort of laptop tracking software, but not sure yet which one. We are leaning toward the tools that allow us to 'push' it out to the systems, so we can make progress without having to touch 1200 laptops individually - which would never get done. From a physical aspect, we will be increasing laptop security education for employees, possibly looking into physical etching, tags, or rfid's, etc. All we need is agreement and budget - easy right??!? We have also added more cameras, electronic door readers, etc. I find that nearly all the time, users 1) do not think they have any sensitive data; 2) it won't happen to them; and 3)don't care to spend time or energy on security. We are trying to push out awareness in heavy doses but user behavior continues to be our biggest risk. Hopefully we are close to catching the recent theft ring, but we will continue with efforts to reduce the issue - especially with laptops. Thanks again to all who posted...very helpful as always. Kim Heimbrock Director, IT Policy and Compliance Northern Kentucky University (859) 572-5139 heimbrockk () nku edu -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ben Woelk Sent: Thursday, July 29, 2010 1:10 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Stolen Laptops To be more specific, we're requiring encryption on university owned or leased laptops. We do not require it on personally owned laptops. We discourage use of personally owned laptops to access university information resources, but the responsibility for authorizing use of personal equipment lies with the respective dean or VP. We do require documented technical controls on ALL laptops that access Private or Confidential information. (This information is in our Information Access and Protection Standard--http://security.rit.edu/iap.html) Ben Woelk '07 Policy and Awareness Analyst Information Security Office Rochester Institute of Technology ROS 10-A204 151 Lomb Memorial Drive Rochester, New York 14623 585.475.4122 585.475.7920 fax ben.woelk () rit edu http://security.rit.edu/dsd.html Become a fan of RIT Information Security at http://rit.facebook.com/RITInfosec Follow us on Twitter: http://twitter.com/RIT_InfoSec -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Chris Green Sent: Thursday, July 29, 2010 12:02 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Stolen Laptops http://www.educause.edu/sites/default/files/library/presentations/SEC10/SESS11/SPC%2B2010%2Bdisk%2Bencryption%2B-%2Ball.pdf slide 16 is what we did and now do. A big pain point was a lot of personally owned approved devices for work and needing to support encryption on those. There's nothing like bricking an associate dean's brand new "I want to watch movies on a plane and keep up with my UAB work that may include sensitive email" $300 netbook right before a month long trip to France. Don't require it: Expect the edge cases not to do it. Require it: Expect a painful process dealing with edge cases if you don't have a fairly locked down set of hard ware platforms. -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of SCHALIP, MICHAEL Sent: Wednesday, July 28, 2010 9:16 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Stolen Laptops Are your institutions "encouraging encryption" on laptops, or "requiring encryption" on laptops? We're moving to Symantec Endpoint Encryption (it was GuardianEdge, but they got bought by Symantec - which is actually good for us, since we use Symantec Altiris, SEP, etc.) and will be doing full disk encryption on any/all non-instructional (student use) laptops..... M -----Original Message-----
Current thread:
- Re: Stolen Laptops, (continued)
- Re: Stolen Laptops Ben Woelk (Jul 28)
- Re: Stolen Laptops SCHALIP, MICHAEL (Jul 28)
- Re: Stolen Laptops Ben Woelk (Jul 28)
- Re: Stolen Laptops Joel Rosenblatt (Jul 28)
- Re: Stolen Laptops Russell Fulton (Jul 29)
- Re: Stolen Laptops Beechey, Jim (Jul 29)
- Re: Stolen Laptops Ben Woelk (Jul 28)
- Re: Stolen Laptops Maloney, Michael (Jul 28)
- Re: Stolen Laptops Chris Green (Jul 29)
- Re: Stolen Laptops Ben Woelk (Jul 29)
- Re: Stolen Laptops Kimberly Heimbrock (Jul 29)
- Re: Stolen Laptops Walter Petruska (Jul 29)
- Re: Stolen Laptops Sherry Callahan (Jul 29)
- Re: Stolen Laptops Joel Rosenblatt (Jul 29)
- Re: Stolen Laptops Sherry Callahan (Jul 29)
- Re: Stolen Laptops Chris Green (Jul 31)
- Re: Stolen Laptops Ray McClure (Jul 31)