Computer Security vs Computer Theft
by Simon Russen

Kensington, the leader in the notebook security market, recently conducted a study of IT professionals, which shows that physically securing computers may be more important to a company’s bottom line than we realise. The cost of a notebook stolen or lost is largely underestimated. To reduce this cost, should Companies institute mandatory security policies that hold each and every employee accountable?

Value of stolen/lost computers is underestimated by 1500 percent:

In one of the key sections of the study, respondents were asked to provide a cost estimate associated with the loss of a laptop computer. Initial estimates averaged £4,000. But when respondents were reminded to take into account all aspects of costs (loss of employee productivity, theft of confidential business information, lost revenue, lost data, procurement of new hardware and replacement of critical data) estimates nearly tripled to £11,500.

However, this figure is still incredibly short of the loss estimates indicated in the CSI/FBI Computer Crime and Security Survey (Spring 2001). This study found that companies self reported losses from stolen computers could run as high as £68,000.

Many of the 230 respondents in the Kensington study were not only “surprised” and “startled” by these numbers, but also embarrassed by how much they underestimated the cost of lost computers and data. “Oops,” said one respondent, simply. “It makes me want to lock down everything, or physically attach all laptops to the users,” concluded another.

Lack of Employee Accountability is No. 1 Barrier to Effective Computer Security

While nearly every company has established computer security procedures, a lack of individual employee accountability often negates the effectiveness of those measures.

To determine the perceived effectiveness of various security measures, respondents were also asked a series of questions about their computer security policies and procedures. The vast majority of respondents indicated that they employ a mix of safeguards, including antivirus software, firewalls, and passwords to protect their company networks. However, the majority of respondents expressed frustration that many of the security measures they implement are less than optimally effective because employees aren’t held accountable for following company-wide standards and procedure. In fact, individual employee accountability surfaced as the No. 1 barrier to executing effective computer security measures.

Physical Security Devices Deemed Effective, But Not Used Enough

Nowhere was this more evident than in the area of physical security. More than 80 percent of respondents indicated that physical security measures such as computer cable locks are an effective deterrent to theft. However, only 32 percent of those surveyed actually deploy physical security safeguards. Kensington believes this 80/32 split is evidence that employees are not held responsible for using physical security devices as a matter of company policy.

“This study tells us definitively that we need to do more to ensure that the security measures we develop are implemented as effectively as they should be,” said Phil O’Neill, European Director Kensington. “More specifically, this study tells us that companies should institute mandatory security policies that hold each and every employee accountable for the security of the computers and important data they use. It also tells us that perhaps we, as employees, haven’t take as much responsibility as we should, because many of us do not fully understand the true value of a lost or stolen computer.”

Further details of the study are available from Kensington Europe Headquarter, Kent, UK by contacting Delphine Donné at 1732-881-521.

57% of network break-ins are committed using stolen computers:

Physical security for desktop and notebook computers is more than just protecting valuable assets. It’s about protecting company data – and the company computer network. Data left on stolen laptops can jeopardise an entire company. Files and databases all reside on computers and put a company at risk.

To help IT Managers and Corporations evaluating the cost of computer equipment stolen or lost, Kensington Technology Group have created an informational website, www.microsaver.com. It includes an interactive Return-On-Investment Calculator that allows IT managers to easily calculate the true value of hardware and data theft, as well as their associated costs and payback figures resulting from an investment in basic physical laptop security. In addition visitors can find suggestions and tools to make computers more secure such as corporate security policies, industry resources and surveys.

A practical solution to the safety of the equipment:

Kensington Technology Group, developer of the Kensington Security Slot built into more than 98 per cent of all notebook computers, and also into flat screens monitors, docking stations, CPUs, video projectors, have become the industry standard for physical computer security. IT managers also have access to various key options (master key or like key options), for a better security management of the hardware equipment of the company. For more information, please visit the websites www.kensington.com or www.microsaver.com.