“Dumb terminals” may be a smart solution to data theft

It’s sometimes referred to as a “dumb terminal” – a 2lb, 10×7-inch computer with a Web browser, but no hard drive or storage capabilities.

Industry insiders say such a contraption may come in very handy for knowledge workers who are on the road a lot – especially when it’s coupled with a software tool that enables easy remote access to your corporate desktop.

One such tool – SecurePC – was released in Canada a couple of weeks ago by 01 Communique, a Mississauga, Ont.-based company specializing in Internet-based remote access technologies. The tool — part of the firm’s I’m InTouch remote access system — enables you to control your PC remotely using a Web browser.

Mobile professionals and telecommuters, in particular, would find the tool useful, suggests 01 Communique president, Andrew Cheung.

Cheung said someone could purchase a “dumb terminal” and use it to remotely access their corporate data using SecurePC. “If you are at home or at a hotel, as long as you have a browser, you can take control of your [office] workstation.”

If your “dumb terminal” is stolen or misplaced, Cheung said, all you lose is a piece of hardware worth around $400 that’s quickly replaceable — not all of your critical company’s files.

Use of dumb terminals – loaded with some sort of app that enables users to remotely access their corporate files – is expected to grow, as mobile professionals become increasingly wary of carrying laptops on their travels.

In the U.S., an estimated 12,000 laptops are stolen each week. In Canada too the incidence of laptop theft has been rising every year, according to Candice Low, an analyst at Info-Tech Research Group in London, Ont. It’s a problem common to consumers and businesses alike, she said.

The risk of sensitive business or client data falling into the wrong hands is by far the greatest threat associated with laptop theft, experts say.

For instance, in September a laptop containing the mortgage data  of several customers was stolen from the Montreal head office of the National Bank of Canada.

While the number of files stored on the laptop database wasn’t made public, a National Bank spokesperson said the theft affected a “high percentage” of the financial institution’s mortgage customers across the country. The machine contained client names, addresses, bank reference numbers and account numbers.

While it’s not known whether data on this particular stolen laptop was encrypted, industry insiders say businesses often don’t bother with encryption because it’s easier not to do it, than to do it.

Low, however, emphasizes the importance of encryption, saying it could limit damage in the event of a data breach. “There’s no excuse for not encrypting.”

She says encryption tools don’t have to be expensive, and notes there are many free data encryption services available to knowledge workers on Web sites such as TrueEncrypt.org.

According to Cheung, however, encryption isn’t really a foolproof solution if a laptop containing business data is stolen.

“The data is still there and [the encryption] may be cracked by tech savvy hackers – so it’s very risky.” He says the most effective way to protect data is not to keep it on you when traveling. “Keep it behind the firewall.”

Companies, Cheung said, should consider a remote access application – perhaps loaded on a dumb terminal – instead of solely relying on data encryption.

But in the case of knowledge workers who do carry their laptops with them on a regular basis, there are ways to mitigate the risk of a data breach, Info-Tech’s Low said.

These include “not leaving your laptop unattended, using a backpack rather than a generic laptop bag, using a laptop lock at home and at work, and creating a laptop usage policy for the office.”

Employees should also not use a laptop unless they actually need one, according to another Info-Tech research analyst, Refael Keren.

He said today a growing number of employees telework — as firms seek new ways to save money in an economic recession.

In such an environment, having a large number of laptops circulating outside the office could be more expensive to a business in the long run, Keren said.

Companies, he said, should ensure their teleworking employees use a laptop lock, have strong passwords, and sign a laptop usage policy designed by upper management. “Employees need to know what to do if their laptop is stolen.”

He said teleworkers should not be given administrator access to their PC, so as to minimize any chance of rogue applications affecting the network.

With the growing incidence of laptop theft, tech-based laptop recovery services are also becoming more commonly adopted.

One such service is CompuTrace, provided by Vancouver, B.C.-based Absolute Software.

CompuTrace software – embedded in the PC’s BIOS – automatically calls an information centre to record its location when the laptop is connected to the Internet.

This enables the laptop to be tracked if it’s stolen.

The goal is to reduce “PC drift” and recover stolen laptops, and the company has had a lot of immediate success, according to Stephen Midgley, senior director of global marketing at Absolute Software.

CompuTrace, he said, recovers three out of four computers, or 75 per cent of all computers that are stolen or misplaced. By contrast, Midgley said, the U.S. Federal Bureau of Investigation (FBI) recovers three per cent of all stolen laptops.

The physical recovery team at Absolute Software includes former law enforcement professionals, who work closely with regional police agencies. The company also reduces the risk of data breaches on unrecovered computers by remotely deleting sensitive data that was not encrypted.

Kwantlen Polytechnic University in Surrey, B.C. bought the software three years ago after a rash of laptop thefts.

“We’ve had about five laptops stolen, three were recovered within a two month period,” said Joseph Leung, coordinator of desktop hardware services at the university. He said the fifth theft was just reported last week.

The university doesn’t use CompuTrace on all of its machines but specifically on “high risk” computers loaded with valuable data.

Share on LinkedIn Share with Google+