Computer theft is becoming more of an issue every day. Laptops are getting smaller – which makes them easier to forget and easier for somebody to steal. Laptops are being used in more places – restaurants, coffee shops, libraries, airports which means more opportunities for theft. At the same time more and more anti-theft tools are becoming available for laptops. However, as a business you need to what’s more important - the laptop or the contents of the laptop.
The reality is that most everybody wants to be the detective who solves the case. Look at the number of TV shows about detectives. Look at the number of mystery novels. The intrigue of solving a crime captures the imagination of many people. Playing off of this aspect of human nature, there are more and more tools that are designed to help you catch a laptop thief and recover the laptop.
Consider Prey which advertises that it “helps you find your stolen laptop by sending timed reports to your email with a bunch of information of its whereabouts.” I should not even really use the world “advertise” because Prey is a free product. Prey is open source and available for Windows, Mac, and Linux. All they ask is that “if you ever recover your computer by using Prey you buy us a round o’ beer.” So adding Prey to your data protection plan is as inexpensive as it gets.
But for a business there are so many flaws in this “detective” approach.
The report that Prey sends you includes the general status of the computer, a list of running programs and active connections, fully-detailed network and WiFi information, a screenshot of the running desktop and — in case your laptop has an integrated webcam — a picture of the thief. Now all this data is cool and could potentially help solve a crime and recover your laptop.
But wait, the report tells you the list of running programs which means somebody is accessing all your programs. Which means somebody could already be pretending to be one of your employees. Somebody could have already accessed data on this computer.
Plus Prey only works if it can access an Internet connection so that means that the criminal has already connected the PC to the Internet and could be uploading, copying and even sharing your data. In the extreme case of actually catching a thief using the laptop and using the data – the Prey report could actually be used as evidence of a data breach and be used as evidence against your company by somebody suing for damages. In the worst case scenario, the data might not help you catch the crook and it is then used in court against you – a wonderful lose-lose scenario.
There are a myriad of products like Prey on the market or getting ready to enter the marketplace. They are good products – we don’t intend to criticize their quality. The question you need to ask is – “What matters the most to your company – the laptop or the data on the laptop.” If you truly have no data that requires security/privacy than Prey and it’s counterparts could be an awesome addition to your security plan. However, if the data on the laptop is more important than the laptop than you should be exploring options like data encryption that ensure that the data on the laptop is secure and cannot be accessed by a thief.
Catching a thief, and even catching a thief on a webcam is far more exciting than protecting data – but given the potential economics of a lost laptop it is probably far less important for most IT managers.
