In early 2011, a British Petroleum employee lost a single laptop, which cost the company $2.78 million in fines. The laptop contained personal information of 13,000 individuals claiming compensation for the Gulf of Mexico oil spill. The laptop was password protected; however, the data it contained was not encrypted.
According to the Ponemon Institute, the cost to a business of a lost laptop is $49,246. This figure takes into account lost productivity, potential fines for data breaches and replacing the equipment. Given this cost, it is no surprise that corporations around the globe invest in policies and training to reduce the risk of a loss and limit the impact when one does occur.
Measuring the emotional value of a laptop is more difficult than the financial value. It is clear that students will invest a laptop with much more emotion than a corporate employee would.
For a student, it is not just a laptop; it is not just the pictures stored, the music bought or the coursework. It is the cumulative effort and emotion attached to the laptop, and what it enables a student to do. The emotional cost and feeling of lost security could be said to be greater than any financial cost incurred by a company.
Taking corporate policies and translating them into the classroom can form an important part of technology education. These guidelines can help with data protection and back-up, generating strong passwords and preventing viruses on not just laptops but tablet PCs and even smartphones too.
Theft And Loss
Laptops, tablet PCs and smartphones are highly sought after by criminals due to the high resale value they command. Sadly, students are in the group at highest risk of robbery, with the 15-24 age bracket accounting for 47% of all incidents reported in 2010.
Corporate laptop policies target these users through physical security measures aimed at making their laptops less
- An ordinary laptop bag clearly indicates the contents. If possible, carry the laptop in a less obvious bag with a padded laptop compartment
- Never leave a laptop unattended in public places
- Wherever possible, use a laptop security cable to secure the laptop to a piece of heavy furniture or suitable fitting. These cables are not extremely secure but they can cost as little as $10 and will deter opportunistic thieves
- When not using the laptop, lock it in a cupboard or cabinet, even when in the home
- Never leave a laptop in view in a car. Always put the laptop in the boot or if practical, take it with you
Replacing lost or stolen hardware costs a business much less than trying to replace the data it contains. If corporations are motivated to prevent customer data and corporate secrets falling into the wrong hands, students need to be concerned about school material being lost and personal material being compromised.
- Protect the laptop with a strong password
- Carry out regular back-ups of important data. Backups can be put onto a USB memory drive or into ‘Cloud’ storage solutions such as Dropbox or Live Mesh – free storage space is available with most services
- Never store material of a sensitive nature on a laptop in an unencrypted format. This could include banking details, passwords, pictures etc.
- As soon as a loss occurs, take steps to protect online accounts by resetting passwords that may be stored in the web browser's memory. Typically this will be email access, social network sites, shopping sites and forums
Strong Password Policy
The number one “Worst Password of 2011” is “password3”. This is followed by “123456”, “12345678” and “qwerty”. This list was put together by Mashable.com and is based on millions of passwords posted online by hackers in an attempt to get people to change their bad password habits.
Once identified, a password does not just give access to the website or laptop it refers to but also gives a starting point for hackers to attack email accounts, social networks and bank accounts.
Guidelines from the industry suggest that the best passwords are 9 characters long and contain a combination of uppercase and lowercase letters, numbers and characters.
Using phrases and substituting numbers and symbols for letters can produce combinations that are easy to remember and difficult to guess.
According to the website howsecureismypassword.net, the word “facebook” used as a password would take a hacker 13 minutes to guess. Changing it to “F4c3b00k” increases the time to guess to 10 days. Changing it to include symbols (“F4c3b0()k”) will increase it to 12 years. Adding a little more text, “F4c3b0()k_rocks”, will increase the time taken to guess it to about 2 trillion years.
Any single word which appears in the English dictionary, or any name of a person, place or thing close to the person, will be easy for a hacker to guess once they decide to target it. Unfortunately, people still choose a family member, partner or pet name as their password, all of which are easily accessible on social network sites.
Organisations have strong guidelines on how passwords should be managed to ensure that each username and password combination remains secure:
- Never use the same username and password for multiple sites – if one is compromised, the rest will be at risk
- Use 8 characters or more; include uppercase, lowercase, numbers and special characters. Separate words with an underscore or hyphen
- Manage your passwords with online or offline tools such as Lastpass.com or KeePass for Windows and 1Password for Mac and Windows.
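The guidelines above can be turned into a simple check. The following is an added example, not part of the original article: it applies the article's rules to the four "facebook" variants and shows how length and character variety enlarge the brute-force search space. The function names and the personal-terms input are assumptions made for illustration.

```python
import math
import string

# Worst passwords exactly as listed in the article.
WORST = {"password3", "123456", "12345678", "qwerty"}
MIN_LENGTH = 9  # the article's "9 characters long" guideline
CLASSES = [("lowercase", string.ascii_lowercase), ("uppercase", string.ascii_uppercase),
           ("number", string.digits), ("symbol", string.punctuation)]


def charset_size(pw):
    """Alphabet size an exhaustive search must cover for this password."""
    return sum(len(chars) for _, chars in CLASSES if any(c in chars for c in pw))


def search_space_bits(pw):
    """log2 of the brute-force candidate count: length * log2(alphabet).

    This is an upper bound on guessing work; dictionary words, names and
    predictable substitutions are found far sooner than it suggests.
    """
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0


def policy_problems(pw, personal_terms=()):
    """Return the article's guidelines that this password fails."""
    problems = []
    if pw.lower() in WORST:
        problems.append("on worst-password list")
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 9 characters")
    for name, chars in CLASSES:
        if not any(c in chars for c in pw):
            problems.append("no " + name)
    for term in personal_terms:  # e.g. pet or family names (constructed input)
        if term and term.lower() in pw.lower():
            problems.append("contains personal term: " + term)
    return problems


if __name__ == "__main__":
    # The four passwords the article walks through.
    for pw in ["facebook", "F4c3b00k", "F4c3b0()k", "F4c3b0()k_rocks"]:
        print(f"{pw!r}: alphabet={charset_size(pw)}, "
              f"bits={search_space_bits(pw):.1f}, problems={policy_problems(pw)}")
```

Each extra character adds log2(alphabet) bits, which is why the longest variant gains far more than the symbol substitution alone.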
In 2009, a scan of 22 million PCs found that over 48% of them were infected with malware – malicious software designed to capture personal information used in online fraud. The most common method of spreading a virus is through attachments in emails and links in social networks or instant messaging services. These links normally attract the victim by looking as if they were sent by a trusted friend and containing a ‘hook’ – exclusive pictures, gossip or other content.
Once infected, a PC may operate normally as the software runs in the background and captures information. The virus will often attempt to send a copy to any contacts listed on the PC email software or social network site.
In a two-pronged approach, corporate laptop policies target viruses through software and the users’ behaviour.
- Commercially produced virus protection software must be installed and updated at least monthly
- All updates from the operating system manufacturer must be installed when notified. These will normally be from Microsoft, Apple or Linux
- Avoid opening any email attachments unless they are expected. If in doubt, confirm with the sender before opening
- Always scan any email attachment before opening. This should happen automatically if virus software is installed
- Monitor and respond to any virus or security warnings from your computer
- Do not install any unlicensed or illegal software. These often contain Trojan software to infect the PC or Mac
Educate to Protect
Corporate laptop policies are enforced through the employment contract and training. This is an attempt to change established behaviours of the majority of workers for whom laptop PCs, memory drives and tablet PCs are relatively new tools. The opportunity to educate today’s students before they enter the employment market will not only ensure they adhere to company policy, but promote a safer offline and online experience.
By taking the lead from corporations where there is a strong financial motivation to develop robust policies, teachers are able to play a critical role in fostering and promoting the right behaviours in students to protect their equipment and personal data.
Tony Renkin is founder of Tamper Evident. He gives working advice on security in a range of areas such as transportation, education, healthcare, government and legal areas. Tony can be contacted on 1300 726 711 or through www.TamperEvident.com.au