Over here at AlertBoot, one of the examples we give from time to time on how laptop encryption software can protect your data is a what-if scenario: someone stealing your laptop while you’re working at local Starbucks. (We use Starbucks because, as coffee shops go, they’re pretty ubiquitous; at least, they are in metropolitan areas.)
Well, that what-if scenario has become a real, documented one.
Man Grabs Laptop At Starbucks, Trades It For Crack
According to gainesville.com, a man stole a woman’s laptop computer while she was working on it at a local Starbucks. Can you imagine?
You’re sitting at one of those round tables, sipping a cappuccino with extra foam or whatever, your computer up and running; and then, some random guy comes up to your table, grabs your computer, and makes a beeline for the door.
The man, Curtis L. Kinsey, was arrested, eventually–it looks like the police matched him up to a suspect’s description–but not before trading the computer for crack cocaine.
The computer was recovered and returned to the owner. No word on whether the guy who peddled the crack was also arrested.
What kills me about the entire incident is that, if you check out the URL for the article (found at the bottom of this post), you’ll see that the incident was classified as “entertainment.”
Disk Encryption Great For Data Protection
The laptop was recovered, and chances are there wasn’t a data breach…on the other hand, who’s to know? If the laptop’s owner did not have any data security software in place–the most basic, and perhaps worthless, being password-protection and the most secure being encryption software–there’s no real way to know.
Also, take into consideration the following: assume the laptop in question had contained sensitive information, and that there was no data protection in place. Because it took some time to recover the laptop, one must also assume the possibility, if not the probability, of data theft.
However, most would just think “computer lost. Computer recovered. Since nothing is missing, no data breach.” Furthermore, the incentive is there not to report the incident. Doing the “right thing” may end up in someone getting fired–that “someone” being the person who lost the laptop and has to do the reporting.
If full disk encryption (FDE) were used to protect the contents of the laptop, however, there would be no need to worry about such scenarios. Instead, if a computer with disk encryption were stolen, you only need to worry about the following:
Is there any way for the thief to gain the password that will allow access to the computer?
How easy is it to guess the password?
Is there a limit on how many bad guesses at the password can be attempted before the computer locks up completely?
The answer to the first two questions can be provided by the user, and the last one can be corroborated by accessing the encryption policies. Once the answers to these questions are found to be affirmative towards the company’s security goals, everyone involved can rest assured that a data breach will not occur.
And, if the laptop were to be recovered eventually, it’d be easy to tell whether the contents were accessed, since most encryption software keep logs on the dates and times when the computer was accessed.