Educause Security Discussion mailing list archives

Re: Stolen Laptops

From: Sherry Callahan <scallahan () KUMC EDU>
Date: Wed, 28 Jul 2010 10:05:01 -0500

We've been installing 3-year licenses of CompuTrace on all of our 4,000+
faculty\staff laptops as well as all of our student tablets since 2006. 
We've averaged anywhere from 1 to 8 stolen devices per year (total of
26) and CompuTrace has recovered 35% of those for us.  They've paid us
for non-recovery of another 42%.  The max recovery is $1,000 or 90% of
the purchase price for new computers and that decreases with the age of
the device.  One laptop that was recovered was just a month and half
old, so we were able to recover $950 out of the $1050 price tag.  If you
do the math, it doesn't seem like a good ROI, but we found that just
being able to track our laptops (CompuTrace is activated by HP before
the laptop ships) and being able to turn the device into a brick (if
needed) made the investment worthwhile.  It's amazing how many laptops
we've recovered from departing faculty\researchers who thought they
could just take the equipment with them when they left.  This seems to
be a particular cultural mindset among the research community.
 
We spend a lot of time educating our users about physical security but,
let's face it....if someone has the opportunity and really wants it,
they're going to get it.  We've had cables cut or yanked out of the
laptop case.  One of our more recent thefts occurred when a faculty
member was stopped at a stoplight and someone walked up, reached in
their open car window and grabbed the laptop.  
 
Honestly, laptops are cheap and it's the data on them that is of
concern.  So we also require McAfee Endpoint Encryption on all of our
laptops, which checks into a centralized console.  The thief  may get
the hardware, but at least we can be assured that we're not going to
show up in the paper the next day because of a disclosure.
 
 

Sherry Callahan|Director of Information Security
UNIVERSITY OF KANSAS MEDICAL CENTER
3901 Rainbow Boulevard,  Kansas City, KS  66160
Office: 913-588-0966        mailto:scallahan () kumc edu

"Bradley, Stephen W. Mr." <bradlesw () MUOHIO EDU> 7/28/2010 8:57 AM

So, at three laptops over say 3 years does that make a good
investment?
 
If you only have 10 laptops to begin with it probably is but if you
have 5,000 I don't know.
 
steve

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of SCHALIP, MICHAEL
Sent: Wednesday, July 28, 2010 9:46 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Stolen Laptops


We use Lojack on all of our laptops * over the past 3-4 years, we*ve
been able to recover 3 laptops.
 
M
 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Maloney, Michael
Sent: Wednesday, July 28, 2010 7:46 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Stolen Laptops

 
We don*t use Lojack on our campus laptops, but we have had dealings
with them when a student connects to our wireless network with one that
Lojack was activated on.   First time the student disconnected and left
before Lojack got in touch with the right people.  Couple days later
when the student returned, they were in for a big surprise.
 

********************************************
Mike Maloney
Sr. System Engineer
Middlesex County College
2600 Woodbridge Avenue
Edison, NJ 08818
Phone: 732-906-7754
Cell: 908-217-2086
Fax: 732-906-4266
Email: mmaloney () middlesexcc edu
********************************************

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kimberly Heimbrock
Sent: Tuesday, July 27, 2010 1:25 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Stolen Laptops

 
Unfortunately, laptops thefts have been significantly increasing,
(usually in locked offices * after hours) and was wondering what success
anyone has had using Lojack, Prey, or other tools.  Any (affordable)
ideas for increased physical security and software tools that have been
proven to reduce thefts and trace the equipment would be appreciated. 
We will be communicating increased fac/staff awareness as it relates to
the physical security of mobile devices, so ideas to be included with
that message would be great too. Thanks in advance!
 
Kim Heimbrock
Director, IT Policy and Compliance
Northern Kentucky University
(859) 572-5139 
heimbrockk () nku edu
 

-- 
This message has been scanned for viruses and 
dangerous content by MailScanner ( http://www.mailscanner.info/ ), and
is 
believed to be clean. 

-- 
This message has been scanned for viruses and 
dangerous content by MailScanner ( http://www.mailscanner.info/ ), and
is 
believed to be clean.

Current thread:

Re: Stolen Laptops, (continued)
- Re: Stolen Laptops Felecia Vlahos (Jul 27)
- Re: Stolen Laptops Maloney, Michael (Jul 28)
  - Re: Stolen Laptops SCHALIP, MICHAEL (Jul 28)
    - Re: Stolen Laptops Bradley, Stephen W. Mr. (Jul 28)
    - Re: Stolen Laptops SCHALIP, MICHAEL (Jul 28)
    - Re: Stolen Laptops Felecia Vlahos (Jul 28)
    - Re: Stolen Laptops Felecia Vlahos (Jul 29)
    - Re: Stolen Laptops David Bowie (Jul 28)
    - Re: Stolen Laptops Joel Rosenblatt (Jul 28)
    - Re: Stolen Laptops David Gillett (Jul 28)
    - Re: Stolen Laptops Sherry Callahan (Jul 28)
- Re: Stolen Laptops Tonkin, Derek K. (Jul 28)
  - Re: Stolen Laptops Ben Woelk (Jul 28)
    - Re: Stolen Laptops SCHALIP, MICHAEL (Jul 28)
    - Re: Stolen Laptops Ben Woelk (Jul 28)
    - Re: Stolen Laptops Joel Rosenblatt (Jul 28)
    - Re: Stolen Laptops Russell Fulton (Jul 29)
    - Re: Stolen Laptops Beechey, Jim (Jul 29)
    - Re: Stolen Laptops Maloney, Michael (Jul 28)
    - Re: Stolen Laptops Chris Green (Jul 29)
    - Re: Stolen Laptops Ben Woelk (Jul 29)

(Thread continues...)