Employers rushing to stem data theft tide

Encryption 'the most significant step'
The portable computers are usually protected by passwords needed to boot them up, but the data on their drives are still accessible. Encryption, on the other hand, scrambles the information and would render it useless to a thief without a digital key that decrypts the data.

A variety of encryption tools are available, including software as well as specialized chips.

But many people are reluctant to use them because losing the key can make it hard to access the data and the programs can slow down data access, said Alan Paller, director of research at the SANS Institute, a computer-security organization in Bethesda.

That could change as computer manufacturers start selling laptops with encryption built in. Microsoft's Windows Vista operating system, due late this year for businesses and early next year for consumers, is expected to make it easier for users to encrypt all their data.

Many states now require companies and organizations that store personal information to inform the public when the data leaks. But those laws generally don't make reporting obligatory if the lost data were encrypted.

Some companies that have lost laptops are responding with better security measures.

Ernst & Young, which has 30,000 laptops used by its highly mobile staff of consultants, is encrypting all contents on the computers, according to company spokesman Charlie Perkins.

But in February, as the policy was being implemented, a laptop that hadn't been encrypted was stolen from an employee's car. With it went the names, addresses, and credit card information of about 243,000 customers of Ernst & Young client Hotels.com. Perkins said there is no evidence any of the data was misused.

"We evaluated our polices in this area across the board," he said. "Encryption is the most significant step."

Of course, security measures can only work if they are actually used. In several cases, laptops were lost or stolen when employees violated company rules by leaving them in parked cars or in their homes. And data that are supposed to be encrypted by an employee sometimes aren't.

MORE FROM SECURITY

Security Section Front

‘Black screen of death’ for some Windows users Facebook to overhaul privacy structure Red Tape: Will piracy crackdown bring iPod border checks? Internet activists push for greater democracy EU assembly adopts Internet, phone user rights 'Mr. Right' grifts widow's $50K in Web scam U.K. cops arrest people ‘just for the DNA’ Virus attacks ‘jail broken’ iPhones China attacks ‘biased’ U.S. cyber-spying report Chinese military Web site target of cyberattacks Security Section Front   Add Security headlines to your news reader: