Laptop Data & Identity Theft

The use of laptop computers is great! It gives us the portability and freedom to work and surf the Internet: a true benefit for consumers and corporate users. Unfortunately, laptops expose individuals and organizations to an inherent risk of data theft which may lead to fraud, and identity theft. Although it is also true that smartphones are widely used and deployed, laptop theft is considered the second most common security concern after malware.

According to 224 IT professionals surveyed earlier this year by Check Point, a security company, less than 30 percent use data encryption and only 47 percent of users have access to a VPN that connects to the main office. These numbers are dangerously low: making it easy for data to end up in the wrong hands. IT professionals should make it one of their top goals to prevent data leaks within their company and to brief everyone within their organization some information about the use of corporate machines outside of the organization’s office.

Although this post’s main objective is to pin-point the blame on businesses’ IT departments for not having encryption and contingency policies in place, consumers should also be aware of these issues.

Data Leakage

Data leakage can be defined in multiple ways; i.e., an employee transferring files using a USB device or emailing files home to a personal account. For the purposes of this blog post, I am referring to data leakage as the loss of data through a laptop computer.

Few are aware of how easy it is to extract data from a laptop whose hard drives have been left unencrypted. I’m not talking about photos and videos from your latest trip to Mexico (although some may want to hide those for other reasons).

An unencrypted hard drive gives the ability for a computer user to do some of the following:

  • Extract cookies, Internet history, browser preferences such as auto-login passwords which could lead to access to websites like (Facebook, Gmail),
  • View locally stored email cache,
  • View word and excel documents,
  • Connect to your Virtual Private Network (or VPN),
  • Misc. computer configurations, and
  • Personal information.

It doesn’t take a sophisticated user to do some of these things. However, if your machine were to end up in the hands of a black hat hacker, the amount of data they could harvest from your machine could be extensive.

Most thieves aren’t black hat hackers.

A thief can steal a laptop during a home robbery or when your bag or laptop is left unattended, even for a second. Since laptops are portable, they’re an easy target for thieves to run off with. You are unlikely to see your machine and its data again unless you have some preventive mechanisms installed. Absolute Software’s Lo-jack software offers a subscription based service capable of aiding law enforcement to finding your lost or stolen laptop.

Although it is usually up to the end user to keep his or her device secure, whose responsibility would it be if your laptop had access to civilian tax records that was stored on the network drive of the machine? Surely, you weren’t aware that you had so much confidential information on your machine. What now?

IT’s Responsibility & Data Encryption

It is up to your IT department to help protect you, your company and your customers from having crucial information exposed by a lost or stolen laptop. Tools have been developed for many years which offer ways to hide sensitive data by disk encryption. Disk encryption makes it nearly impossible for a simple computer user or even a black-hat hacker to read the content of the drive. All the data on the drives are encoded with a specific key which is only accessible by authorized users and specific laptops. The key is unique for each laptop and is usually stored on a Trusted Platform Management (TMP) chip which is only extracted once an authorized fingerprint is swiped, or when a special hard-drive boot-password is entered before the computer boots up. This also prevents other portable boot-disk utilities from booting up and running tools such as password crackers or Linux live discs from reading the contents of the drive. Hard–drive encryption would prevent these easy-to-use software which can be downloaded online by anyone.

Historically, setting up hard drive encryption has been a pain. Today, with Windows 7 Ultimate and Enterprise editions, BitLocker is an embedded extension to the operating system. It offers IT professionals a fast and easy way to monitor, manage and deploy drive encryption to their machines, at a low cost too. There is little excuse for not implementing encryption.

Legal Issues

I did some digging for some stats on corporate laptop theft and legal ramifications. According to a report done by the Ponemon Institute [PDF] for Dell Computers in 2008, approximately 12,000 business laptops are lost per week. If 30 percent of IT departments have hard-disk encryption implemented, only 3,600 laptops will be protected. This leaves a staggering 8,400 laptops and their companies vulnerable to data leakage and threats.

During my work-stint with NBC Olympics, I learned some shocking information from one of my full-time NBC colleagues in regards to corporate laptop data. My colleague mentioned that California state law requires companies to notify all parties involved and publically announce exactly what happened when a laptop is stolen or lost. Organizations may also be required to protect stolen or lost identities and compensate victims. The California government can also take your company to court for failing to provide adequate protection of its citizens. It doesn’t matter where your company is based or if your company conducts business in the state, the California government can and will prosecute you as long as you are within the USA.

A website called Privacy Rights Clearinghouse ( keeps an online database of data breaches and other issues regarding identity theft of US citizens. Ironically, the company is located in San Diego, California. It’s amazing how many instances are reported week.

Given proper IT policies and guidelines, corporate data leakage can be minimized. If only 30 percent of organizations have methods of preventing data leaks from laptop theft, should we be worried about what sort of data companies are storing about us and whose hands this data can be in?

Further Reading:

Mobile Coverage in Guelph, Ontario

To this day, it is hard to find properly documented information regarding cell coverage in certain areas. Although the big 3 providers in Canada do cover a vast majority of urban areas, there are still coverage holes in certain areas. Guelph, mainly on campus, is one of them.

Now I aim this post at anyone who goes to or is thinking about going to the University of Guelph. Although something like this should have been written a few years ago, better late than never, right? Hopefully this will give some insight on which mobile networks work and don’t work at the University of Guelph. After all, a university student needs to stay connected with his friends, doesn’t he?

The Big 3

I refer to the big 3 providers as Rogers, Bell, and Telus. Although there has recently been a few new providers starting up in Canada, I don’t believe they have any market penetration in Guelph at this time or in the near future.

In my opinion, Bell and Telus have very similar coverage. They share cell towers around the country and have numerous other agreements in other service areas. Bell and Telus also launched a new HSPA+ network last year. This has been nicknamed the “Bellus” network. For the less technically inclined person, the Bellus network is a 3G (3rd generation) cell phone network which brings their cell phone speeds on par with Rogers and the rest of the world. All the ads you see on TV today are advertising the current Bellus 3G network.

Bell and Telus also operate an older 2G CDMA network which not only covers metropolitan areas but also covers the most rural areas of Canada.

Rogers operates two networks as well: an older 2G GSM network and a newer 3G network (much like the Bellus HSPA+ network). Unfortunately, Rogers coverage isn’t as prevalent in the outskirt rural areas of Ontario.

Big 3 Resellers

I should mention that the big 3 providers also have smaller discount brands/resellers of their service. It is common for people to have plans with some of these common providers so I thought I’d give you some information. Please refer to the following chart:

Bell: Solo MobileVirgin Mobile
Telus: Koodo
Rogers: FidoChatr

What works and what doesn’t

Around the City of Guelph, all cell phones work without too many problems. The problem area is where students spend most of their time: on campus.

Rogers’ customers will have no problem if their phone works on either 3G or 2G networks.

Bell’s and Telus’ customers will have no problem as long as their phone supports the 3G network.

Bell and Telus customers on their 2G CDMA network will experience highly spotty coverage within the University of Guelph’s campus. It mainly affects the service inside buildings, but it’s still bad enough around the University of Guelph that calls are dropped and data, emails and text messages don’t go through very often.

Recommendations for Rogers Customers

Nothing! You guys are lucky that the school has a Rogers cell tower on top of the library to serve all your needs and keep you connected!

Recommendations for Telus and Bell Customers

If you’re a student that is planning on attending, or are already attending the University of Guelph and you are currently subscribed to Telus or Bell, check to see if your phone is a 3G phone. Chances are, if you bought a new smartphone within the last year or so, such as a Blackberry or iPhone, you should already be utilizing the 3G network. If you have an old, simple phone that doesn’t do anything other than call and text, your phone will likely be on the 2G CDMA network. You can find out this information by Google-ing your phone’s model number, or by calling your service provider (dial *611 on your mobile phone) and asking for technical support.

I must note that during the first week of school, all 3 cell phone providers are on campus promoting their phones and plans. You can find some awesome deals from them so it is wise to wait sometimes.

Why I wrote this quick little article & do we rely on mobile phones too much?

I know there are a fair amount of students who are constantly frustrated about why their phones do not work on campus. They usually do not fully understand why their phones don’t work. It’s also intriguing to see how the tendencies and trends with the student population have changed over the last few years. From my observations, I would estimate that about 50% of students have a smartphone; the majority of them being Blackberries, followed by iPhones and other smartphones.

It’s interesting how the naked feeling of not having your phone or not having cell coverage makes people feel cut-off and isolated. There is even a term called phantom-vibrate-syndrome, for when you think your phone is vibrating when it really isn’t, or when you don’t even have it in on you.

People that have smartphones such as a Blackberry, iPhone and Android platforms feel the need to be constantly connected via email, Twitter and Facebook. These devices rely on reliability and coverage of the mobile networks from Bell, Rogers and Telus to keep people connected with their business and personal lives.

A few weeks ago, the Rogers (and Fido) mobile network in Vancouver went into haywire for 4 hours during business hours so Twitter erupted with people reporting that they couldn’t make a call, send data or text messages or do anything with their phones. Their phones were paper weights. Imagine the impact on businesses during the period. This is equally as bad as the Internet stopping to a halt!

Most university students these days object to purchasing a land-line in their homes in order to save money. Most of them are usually out and about anyways, moving from class to class. Mom and Dad know that they usually have their phone on them all the time, since they’re always keeping in touch with friends. They get worried when they don’t answer, depending on the parent and they sometimes think the worst.

Sometimes we miss an important phone call from a possible employer or even a friend you’re trying to meet up with. Should they really feel that they can contact you right this second? What happened to voice mail and call-backs? Nowadays, people text and email each other and expect a reply instantly.

Similar instances have probably happened to you before. Your friend is meeting you outside of a building and for some reason, you’re running a couple minutes late. Your friend has no clue where you are and is trying to get a hold of you, only for the call to go straight to voice-mail or go unanswered. Everyone gets frustrated! As our society grows reliant on cell phones and being connected instantly, people get anxious when someone isn’t there right away.

Hope this helps!

Hopefully, users within the University of Guelph campus find some of this mobile phone information useful since many of us only rely on mobile phones to communicate now. I believe that less and less people will have issues with their coverage as most wireless subscribers who upgrade or purchase a new phone today will be on the newer 3G networks provided by Rogers, Bell and Telus. If you have any questions, comments, or think some of this information is inaccurate, leave a message/reply and I’ll respond as soon as possible.

Further Reading

If you are serious about finding out more information about cell phone networks in your area, forums are a great place to start. They provide experience from other users that likely have similar problems or questions.

Howard Forums has some great community information for Canadian Mobile Carriers.
Loxcel Cell Tower MapSpatial Tower Map provides local cell tower information – It’s always interesting to see where the nearest cell towers are in your area.