400 North Capitol Street, NW
Washington, DC 20001
- Toll Free 1.888.564.6273
- Local 202.783.3870
Irwin Jacobs came face-to-face with one of the biggest security issues facing American business executives these days: What happens when a laptop chock full of business secrets gets ripped off?
Jacobs, the chief executive and founder of Qualcomm Inc., had his laptop stolen from a journalism conference this past weekend in Irvine. The IBM ThinkPad laptop, which he had used to give a presentation at the conference, contained megabytes of confidential corporate information dating back years, including financial data, e-mail and personal items.
The theft was a painful reminder of one of the unforeseen costs of the New Economy's most powerful tools: new portable technologies like laptop computers, hand-held electronic organizers and cellular phones. While the devices offer unprecedented flexibility to executives, they also lead to frightening lapses in information security because of the sheer volume of data than can be hauled around on them.
Basically, business data have moved from paper to digits, but many companies aren't moving as quickly to update their security measures. Laptop theft, in particular, is "a big issue it cuts across all different types of companies," says Richard Heffernan, a security consultant with R.J. Heffernan Associates Inc. in Branford, Conn., which performs security audits and other services for large corporations.
Some firms are being careful to protect sensitive information on portable devices. The laptop of Intel Corp. CEO Craig Barrett, for example, is never left alone. Barrett, who takes frequent trips to South America, Asia and Europe, doesn't ever leave the laptop locked in a hotel room or elsewhere either he has it or it is carried by a security person or Barrett's technical assistant.
Intel also prohibits working on confidential documents on airplanes or other public places and restricts the kind of information that can be put on a portable computer, said Intel spokesman Chuck Mulloy. Some data can't be put on a laptop at all, while some can be put on only in encrypted form. The company also purges e-mail regularly so years of data won't accumulate.
The theft of Jacobs's laptop, being investigated by Irvine police, marks the first time a top-level executive at Qualcomm had lost confidential corporate information, says company spokeswoman Christine Trimble. Qualcomm doesn't have a policy for what type of information its executives can or cannot carry on their computers, she added.
Though Qualcomm, a wireless-technology provider based in San Diego, hasn't encountered the problem before, many other companies have. Heffernan says many people find their computers missing after snoozing on commuter trains or going to the bathroom on airplanes. But the biggest problem, he said, has been hotels, where the safes that can store valuables usually aren't big enough for laptops. "We had a client who had their hotel rooms broken into on five business trips to Paris in a row," Heffernan said.
The Independent Institute and Citizens for a Sound Economy two public-interest groups that have received payments from Microsoft Corp. saw laptops disappear from their offices within the past year. The groups believe the incidents were related to their work with the software company. The pilfered information, association officials say, eventually appeared in the media, usually with embarrassing results for Microsoft.
Two years ago, security-systems maker ADT experienced the scare of laptop theft first-hand. L. Dennis Kozlowski, chairman and CEO of Tyco International Ltd., the Bermuda-based conglomerate that owns ADT, recalls that an ADT marketing executive left his laptop unsecured on his desk when he went home. The laptop disappeared overnight.
Fortunately, ADT soon recovered the missing laptop since it carried an ADT-made security system that used the same satellite technology employed by boat captains to pinpoint the position of vessels. The technology uncovered the thief's exact home address as soon as he turned on the stolen computer. Kozlowski said the laptop victim got "plenty" of ribbing afterward, but the company isn't taking any different security measures because of the incident.
Like ADT, some companies have adapted their security policies to protect the growing mobility of sensitive data. Weyerhaeuser Co. CEO Steven Rogel not only travels without sensitive data on his hard disk, he confines most of his laptop usage to e-mail and scheduling correspondence over the Weyerhaeuser internal network, which requires a password for access, says a company spokeswoman.
3Com Corp. CEO Eric Benhamou aggressively uses encryption programs, which scramble the contents of laptops to conceal data from prying eyes. 3Com urges executives to encrypt sensitive documents when they download material onto laptops, says David Starr, chief information officer of the Santa Clara maker of computer-networking equipment. For example, he says, all the documents relating to 3Com's spinoff of Palm Inc., which was announced last year, would have been encrypted.
Many executives don't bother with encryption technology, even though software aimed at laptops has been around almost as long as the devices themselves. Internet-security companies such as Network Associates Inc., of Santa Clara sell software that lets users encrypt the data stored on notebook hard disks, making it all but impossible for any thief to read or otherwise make use of the data if the laptop is stolen.
EBay Inc. has a tougher laptop policy than many companies. Employees of the San Jose-based Internet auction house have to get approval from supervisors before they remove sensitive information on laptops, floppy disks and CDs, according to Henry Gomez, vice president of corporate communications at eBay.