A recent informal phone survey conducted by WinMagic should prompt the traveling professional to hold that laptop case tighter – and corporate IT teams to more closely administer policies regarding mobile device security.
We called 33 hotels in downtown San Francisco after the RSA Security Conference wrapped up in late February. We wondered if any RSA attendees had forgotten devices, and we also asked about hotel policies regarding those lost devices.
More than half—56 percent—of the hotels who participated in our survey ultimately allow the finder of the lost laptop to keep the device if the original owner does not claim it. A quarter (25 per cent) of those surveyed donate the device to charity if it’s not found.
The staff at just one hotel we talked to mentioned erasing contents on the machine before doing anything with it. Of course, erasing doesn’t necessarily mean really erasing; a seasoned hacker can still find information on machines supposedly “wiped clean.”
We’re all human, and humans forget things. And as previously discussed on this bog, laptops are commonly lost. And while one cannot really blame hotels for discarding lost devices that are cluttering their storage rooms (if no one claims them after a reasonable period of time, of course), the survey reminds us all that our laptops could literally end up anywhere. IT and security pros need to deploy full disk encryption technologies to protect the information on these devices, and they need to establish policies that do not interfere with how people work but protect any data on the device if it is lost or stolen.
One hopeful note: Hotels told us they didn’t discover more lost laptops than normal during the week of the RSA Conference.