Aug 14 2008

Trace Evidence

Security software does the detective work to recover lost university notebooks and protect data.

University-owned notebook computers loaded with tens of thousands of personnel files have gone missing — repeatedly — in the past few years. Theft is a constant threat for universities’ portable computers, but new programs can lead police right to the thieves.

Colleges are recognizing the need for high-tech sleuthing so that when a notebook disappears, the school can locate the machine and prevent theft or misuse of the data residing on it. Such protection comes at a cost, however. “Security is resource-intensive, both monetarily and from a human resources standpoint,” says Jon Schroth, director of technology for the College of Business at Colorado State University, in Fort Collins, Colo.

Device-tracking program solutions that reside in the computer’s basic input-output system (BIOS) can’t be effectively erased or detected by thieves and offer some protection. Phoenix Technologies’ FailSafe, zTrace Technologies’ zTrace Gold and Absolute Software’s Computrace all can trace stolen computers remotely.

The solutions have to be worked into a larger campaign, however, says Rob Enderle, principal analyst at the Enderle Group, in San Jose, Calif. The solutions must be part of an overarching security program because if data isn’t encrypted or the notebook doesn’t connect to the Internet, then any files stored on the computer are in jeopardy.

On the Case

97 percent of stolen notebook computers are never recovered.

The trace technology works in a manner similar to vehicle recovery systems that communicate with police computers when an auto is reported missing, but this technology works only over the Internet. Programs such as Computrace use a small agent loaded onto the notebook to send its location information to the vendor’s monitoring center on a daily basis over the web.

Lewis-Clark State College, Lewiston, Idaho, turned to Computrace tech­nology in June 2007 to protect its notebook computers after its neighbor, the University of Idaho, had several notebooks stolen.

Part of the technology’s appeal, says Jerry Hindberg, associate director of network, digital security and client services at Lewis-Clark, is that it is embedded in the computer’s basic operating system (so even if the hard drive is swapped out of the notebook, the tracing software still works). The software also provides the option of remotely wiping the hard drive clean of information at risk of being accessed on a stolen machine.

In February 2008, the college filed a police report after two student loaner notebooks went missing. The college logged onto the Absolute site to notify the vendor that the machines weren’t accounted for. “As soon as a theft is reported, [the notebook] is scheduled to call in every 15 minutes,” he says. The notebooks were ultimately recovered.

Proof Positive

Colorado State University decided to invest in the computer tracing technology after a couple of its devices vanished. When another nine notebooks disappeared from a campus building in November 2007 in what appeared to be an inside job, Colorado State tapped the Computrace technology to locate the systems.

Soon after the thefts, one of the computers started dialing in. Absolute worked on the investigation with the CSU police department and the local Internet service provider. The computer, along with other stolen IT equipment that was in the same location, was recovered. The thieves had wiped the hard drives clean, reformatted them and were trying to fence the notebooks.

No one questions the wisdom of Schroth’s Computrace investment now. The proof is in the recovery of $40,000 in stolen equipment, which included the lost notebooks. Schroth jokes that all the university needs now is a tracking system for projectors.

Preserve and Protect

Mobility is a game changer when it comes to notebook security. Unlike their stationary desktop brethren, notebooks can practically get up and walk away on their own. To avoid costly losses, universities have to take multiple steps to deter theft, lock down data and recover these systems if they are stolen or otherwise compromised. Multilayered security should include physical measures and technology-based safeguards, but higher education centers also need to take extra care to put the right policies and practices in place to reduce the risk of loss and accelerate recovery in the event a notebook disappears. Here are some of the main defenses you should have in place to ensure your notebooks remain in your possession.

Step 1: Accuracy in Numbers

The first step to solid notebook security is knowing exactly how many notebooks are on hand and to whom they are allocated. This is a basic step, but it is often overlooked as universities add new devices to their rolls and hand out more loaner notebooks to students. Keeping an up-to-date registry doesn’t necessarily require expensive software or long hours to compile and maintain. Colorado State University’s College of Business, in Fort Collins, Colo., created an in-house application to track and manage student reservations for the 100 notebooks the school makes available for loan. An application as basic as a spreadsheet can provide the crucial inventory data for IT, as long as it is kept current.

Step 2: Rules of Order

With so many universities expanding loaner programs to students, having a consistent, enforceable policy for notebook use is essential. Policies should incorporate the basics: identification requirements, length of check out, guidelines for device handling, data storage and access rules, penalties for a late return and where the notebook can be taken. For some students that may be two hours in the library, while other students might get 24-hour access with the proper identification. Many schools configure notebooks so students can’t save data to the hard drive or otherwise make any changes to the device.

Step 3: Get Physical

Physical security plays a multilayered role in notebook protection at universities. First, a security element as simple as a cable lock can have a psychological effect in discouraging thieves. Card-key locks, notebook cabinets and biometric measures can block unauthorized users from gaining access to notebooks and other valuable assets. Finally, educational institutions should consider surveillance devices, such as cameras, which act as both theft deterrents and crime solvers when images of actual thefts are captured.

Step 4: Keys to the Kingdom

Whether it’s research, personnel files or confidential information, notebook data requires an extra level of protection. While universities typically restrict data stored on loaners, faculty computers are another story. Encryption software, which renders data unreadable to anyone but those with the keys to decrypt it, is the best option for safeguarding notebook information. Whatever encryption software a college chooses, it is critical that the IT department establish a consistent policy on its use and educate faculty, staff members and students to ensure its effectiveness.

Step 5: Back Up

Storage backup is not just for desktops. If anything, the high risk of notebook theft makes regular backup of data on mobile devices even more critical. University IT departments need to establish routine backup schedules and determine what course of action to take regarding notebook data in the event a device disappears.