printer friendly version

How much is your laptop really worth?

Losing your laptop can cost far more than simply the price of the hardware.

A laptop is a costly investment. Even the cheap ones that fell off the back of a bus cost a few thousand rand, with a performance machine costing in the tens of thousands of rand. But when you lose a laptop due to theft or for any other reason, the hardware is the least of your worries, insurance covers that, the real worry is what happens to the data on the device. Even if you are paid out for data loss, the impact of having potentially sensitive data in the hands of criminals can be severe.

Statistics from the US show that laptop theft is up 53% year-on-year with 620 000 laptops stolen last year alone. More importantly, the value of the data lost on each laptop averages out to $89 000 per device. With 70% of laptops containing some data that should be kept secure, management needs to take care of the corporate data on their laptops.

Even if a senior staff member in a company has a full backup of his or her data that can be restored to a new device quickly in the event of a loss, few companies realise that the data on the stolen machine is now in the hands of strangers who may use it for competitive advantage, blackmail, to harass the company's client base or for whatever ends they want. Even with a strong password, a Windows-based laptop can be easily hacked and the data stored on it retrieved.

Of course the same applies to whatever operating system one chooses, however, since Windows is prevalent in South African business we focus on it.

Broken windows

In a demonstration of this uncomfortable fact, Hi-Tech Security Solutions saw how simple it is to discover the passwords of Windows XP machines with a nifty tool called Ophcrack, which is available to anyone for free. This application discovered two passwords, including the administrator password on our demo XP machine in less than 20 minutes. Once the administrator password is compromised, the hacker has full access to the machine.

Apparently, Ophcrack can discover any password of up to 15 characters (which includes passwords containing letters, numbers, special characters and spaces) in an hour or less. Even so, how many users use a 15-character password? How many would remember it if they were forced to use it? How many would write it down and keep it somewhere convenient?

The sad fact is that there are many tools of this nature freely available on the Internet. Of course, most are used by people playing around and not by someone targeting your company, but all it takes is one person to steal your customer database or your strategic plans. Would it cause a problem if plans for a new product were stolen and sold to a competitor? And it is as easy to get into a PC as a laptop, with the possible exception that PCs are not as easily transportable, although extracting an easily concealable hard drive takes a minute.

To protect sensitive data people need to use in their daily business from falling into the wrong hands therefore, additional security mechanisms are required. One simple solution that will prevent anyone from getting into a machine no matter how much time they have is SecuriKey.

SecuriKey is a USB device that prevents anyone from logging into a protected computer if they have not inserted the USB token. It supports Windows XP, Vista and Apple operating systems.

The SecuriKey package arrives with two USB tokens in the box, one for the user to keep and one to be kept in a safe place as a backup. All the user does is install the accompanying software, insert the token and there it is. If you do not have the token you cannot log onto that computer. Each set of tokens is unique and part of the registration process is to log them with SecuriKey. Once logged the company can make new tokens for you should both be lost.

The technology

SecuriKey is not simply a normal USB memory stick with some clever software on it. If it was it would be easy to copy it to another USB device. The system works through a combination of hardware and software to provide multilevel computer security.

The SecuriKey USB token contains a custom security ASIC chip which functions as a hardware-based encryption engine. The ASIC includes anti-hacking technology, creating a tamper-proof physical guardian for computer access control and data protection. It offers users three levels of security.

First, SecuriKey provides two-factor authentication for access control. It integrates directly with the Windows and Mac OS X logon user interfaces, combining the user's logon password - something you know - with the SecuriKey USB token - something you have. SecuriKey can also block user access to logging on in Safe Mode.

The second level of security is AES-based data encryption. SecuriKey integrates directly with the AES encryption provided by Windows and includes the SecuriKey Encrypted Volume for Mac OS X. Files and folders can be easily designated for encryption. To decrypt the data, the user must log in with the correct SecuriKey Token and password. Using pre-boot utilities, booting from Linux, using the Mac's Target Disk Mode, and even taking the hard drive out will not bypass the encryption.

The third level of encryption assists users who have already logged in to keep their data safe while they are away from their machines through SecuriKey's Continuous Protection. When the user goes to lunch, attends a meeting or even steps away for a few minutes, simply by removing the token will they ensure their computer is locked against unauthorised use, while allowing existing processes to continue to run in the background. When the person returns, he/she simply plugs the SecuriKey Token back into the USB port, enters the password and access is granted.

During the setup phase, users are able to decide what they would prefer to see happen when the token is removed. The machine can lock, sleep or shut down.

SecuriKey is available in single or multi-user options. In the multi-user option, an administrator can have a set of master keys that grant access to multiple PCs and laptops, while users have keys that only grant access to their own systems.

SecuriKey technology is a simple way to implement strict security policies for corporate computers. The only technical knowledge users need to make use of the device is the ability to insert and remove a USB token, while the result is the knowledge that corporate and personal data is safe, even if the physical device is stolen.

Share this article:

Further reading: