Skip to content
 
Tips for Tech

Tech Alert Briefing for 8/9/2002

Is Confidential Bank Information Walking Out Your Door?

  • Two laptops containing sensitive information crucial to national security disappear from a tightly guarded military headquarters.
  • The chief executive of a large publicly traded telecommunications company has his laptop stolen from the podium, as he greets well wishers after a presentation.
  • The FBI reports that 184 laptops are missing or stolen, including at least one that contains classified information.
  • A laptop is stolen from a foreign intelligence service agent while he is buying a train ticket.
  • A popular songwriter's laptop, containing many months work of irreplaceable song lyrics, is stolen from his car.
  • A health services worker, while grocery shopping, leaves her laptop containing health records in her car with her teenage son and a friend. The boys boot up the PC and open her files.They learn that one of their classmates has tested positive for HIV.They spread the news at school.The family of the classmate learns of the source of the disclosure and sues both the worker and the state health care agency.

Does your institution utilize laptops for business purposes?

If the answer is yes, the bank's confidential information may be at risk. Policies and procedures regarding laptop security must be in place to prevent access to the data by an unauthorized person.

What was the common thread among the events listed above?Each laptop contained highly sensitive information that was never intended to be viewed by unauthorized parties.

The military headquarters was equipped with surveillance cameras and the room where the computer was stolen was protected by a card entry system.

The chief executive made his presentation in a major hotel to a group of professional writers.He stepped away from the lectern only a few feet to interact with the participants at the conclusion of his remarks.

The FBI feels that its missing units mainly the result of poor documentation of the destruction of outdated models but does admit at least 13 were stolen.

The foreign intelligence agent placed the bag containing his laptop at his feet as he was paying for a train ticket.

The songwriter did not secure his laptop in his vehicle.

The health services worker's laptop was left unattended with no password protected or data encryption.

If your institution's employees utilize laptops consider:

  • What type of information stored on the laptop?What information may be accessed by unauthorized users or thieves that gain possession of the laptop?
    • Is there sensitive proprietary information relating to your institution?
    • Is there confidential customer data?
  • Is the data encrypted?
  • Do you have a policy in place for employees who utilize a laptop that specifies the precautions they are required to take to keep the laptop from being accessed by unauthorized individuals? What procedures are required to safeguard it from thieves?
  • Are threats to data security from inside sources addressed by your policies and procedures?
    • Be alert to the potential danger from insiders. Unlike a desktop machine that is too conspicuous to steal, a laptop can be spirited out of a building in a way that avoids detection.Appropriate hiring and screening procedures are key to preventing employee theft.

An institution can spend considerable time, effort and funds to secure its internal networks, computer resources and connections to the Net.All of these precautions are most likely useless if their most proprietary information can travel around unprotected.

What can be done to protect your portable PCs and the information they may contain?

Laptop Security Tips

  1. Secure the laptop workplace. Consider the installation of surveillance cameras. Restrict access to areas that frequently deal with sensitive information.
  2. If unauthorized parties have access to the area, employees should not leave the parties or the laptops unattended.
  3. Employees in an open office setting should be instructed to observe all workstations.This vigilance is critical if customers or guests are present.
  4. Don't leave the data on the laptop unprotected. Encryption can protect your data from most forms of theft. A thief may steal your computer but should not be able to access your information. I have provided links to information regarding encryption at the end of this article.
  5. When making a presentation outside the bank, an employee should utilize a laptop that only contains the information necessary to make the presentation.
  6. Maintain an accurate inventory of all computer equipment and update it on a regular basis. If a bank computer is taken out of service, make sure all confidential information is removed prior to it being sold, donated to a charity or discarded.
  7. Conduct computer security training for all employees who utilize laptops.
  8. Establish and police a policy stating who is authorized to remove a laptop from the workplace.
  9. Conduct background checks and screen all new employees who have access to areas containing laptops.Even though an employee is not authorized to use a laptop, that may not stop a dishonest employee from taking one.
  10. Update computer passwords and encryption protection on a regular basis.Make sure new passwords are changed when a laptop is transferred from one employee to another.

Encryption Links:
Cryptographic Toolkit
Cryptography and Encryption
How Electronic Encryption Works




Previous Tech Alerts:
07/30/02 Microsoft Continues to Patch Flawed Software
07/23/02 CERT advisory on PHP
07/15/02 Outlook Users Employing PGP Encryption Program Vulnerable to Hacking
07/11/02 Researchers Report Serious Flaw in IE
06/27/02 Microsoft Releases Critical Patch for Windows Media Player
06/18/02 CERT Warns of Critical Vulnerabilty in Apache Web Server
06/12/02 Sports Fans Beware: World Cup Virus Bounces Around the Net
06/07/02 Dead Man Tell No Passwords
05/31/02 Microsoft Issues Critical Warning Regarding Exchange Server
05/22/02 Microsoft SQL Spida Worm Slows Network Traffic
05/15/02 Virus Hoax 'JDBGMGR.EXE' Spreading Rapidly Thoughout Net
04/25/02 Klez Worm Reels in Banks with its Bait
04/11/02 Ten New Vulnerabilities Discovered in Microsoft IIS Server
04/09/02 New Virus Hoax Circulating Around Net
03/22/02 MyLife.B Virus Makes Its Way Around the Net
03/21/02 Microsoft Updates Its Warning on Critical Windows Vulnerability
03/14/02 New Virus (W32/Fbound-C) Spreading Rapidly in the Wild
03/08/02 Unauthorized E-Mail Scam Attempts to Steer Unwitting Customers to Fraudulent Bank Web Site
03/06/02 Klez-E Worm and W32.Gibe Virus Warnings
03/01/02 CERT Issues Warning on PHP Scripting Language Flaw
02/27/02 CERT Issues Warning on Internet Explorer and Outlook Flaw
02/22/02 SNMP Patches and Detection Tools Available
02/20/02 Email Address Belonging to Legitimate Security Site Hijacked to Deliver Dangerous Yarner Worm
02/15/02 Mass Mailing Email Worm Compromises Word 2000 Security Settings
02/13/02 SNMP VULNERABILITY
02/07/02 Bloodhound Mass Mailing Worm and Managing Risks in Wireless Networks
02/04/02 Microsoft Issues Collection of Security Fixes for Windows 2000
01/31/02 Copycat Virus Unleashed
01/30/02 Netscape Browser Vulnerable to Cookie Theft
01/28/02 "My Party" Mass Mailing Worm
01/18/02 IT Contingency Planning Guide, Information Security Checklist and Solaris Vulnerability
01/15/02 Trojan.StartPage Alters Web Browsers
01/12/02 New Internet Worm Gigger Masquerades as Microsoft Outlook Upgrade
01/08/02 Microsoft Universal Plug and Play Vulnerability
12/20/01 Holiday Themed Computer Virus Unleashed

First published on 08/08/2002

Briefing type: 
Tech Talk

Report a problem with this page

Banker Tools View All

A collection of useful resources for various areas of the bank which have been developed by members of the BankersOnline staff or have been created and contributed by users of the BankersOnline site.

Banker Tools

Penalties View All

Search Briefings

Briefing Archives