The hidden cost of PC theft

Jun 1, 2000 12:00 PM, David N. Herbig

"The laptop in my desk drawer, the one I was given to work on that project in Belgium last year, is still there. No one has asked about it for over a year. Do you suppose the company would notice if I gave it to Sarah? She could use a laptop at college. Sharing the desktop PC with her roommate has been a problem for her in the past. I think I'll just loan it to her for awhile, and if anyone asks about it, I'll get it back before they even know it's gone."

This is an example of what is called "opportunistic re-appropriation." It is seldom reported or counted as computer theft, but has the same effect on the organization: A useful machine is lost from service, usually forever.

It is only one of many ways a PC can be lost. Theft by those inside the organization - as well as the more highly publicized incidents at airports, taxis, and hotels - are one part of the mix. "Machine drift," or the propensity of untracked PCs to silently disappear, is another. Leasing company records show that it is not uncommon for 10-20 percent of leased machines to be missing after a two-year lease term. While the statistics on reported thefts are shocking enough, these unreported losses simply add to the distressing situation facing many organizations today - the unmentionable problem of PC theft.

Even corporate security departments are often hesitant to speak about the true levels of PC theft. Raising the issue of how easy it is to steal a PC, or the security department's inability to stop the problem, is something most security personnel are not willing to discuss publicly or bring to the attention of executive management. But perhaps the most alarming element of this situation is that the organizations themselves seldom have an accurate method to assess the extent of the problem.

According to Safeware Insurance, the most frequently cited supplier of statistics on PC theft, more than 303,000 laptops and 109,000 desktops were stolen in 1998, representing a loss of over $1 billion. In addition, the unrecoverable costs of lost user productivity, replacing missing hardware and data, and the administrative time spent to protect networks from the exposure caused by the missing machine can exceed the value of the lost hardware.

Laptops are sometimes stolen for the information they contain. Potentially damaging documents, valuable data, passwords, credit card information and digital certificates can cause significant loss to the unlucky victim. As the trend to laptop machines continues, this problem can be expected to grow.

How can the losses from PC theft be reduced? First, establish a system that accurately tracks the location of each machine and the person responsible for it. This provides a starting point for determining the real extent of losses and establishes personal accountability. Second, let employees and the community at large know that an effective anti-theft program is in place. Third, catch and expose computer thieves.

Companies that have taken these three steps have seen PC theft drop by as much as 90 percent. Simple inventory programs that track the person, department, and assigned location of a PC let employees know that the machines are being carefully accounted for and that "opportunistic re-appropriation" is a threat to job security.

More sophisticated anti-theft systems are needed to act as a deterrent to the more determined thieves. According to the FBI, 75 percent of reported PC thefts are caused by an insider, someone who would be expected to be on the site. Employees, delivery people, janitors, even security guards have access to the grounds and buildings and have opportunities to steal unprotected machines. While locks and cables or proximity devices offer some protection, determined insiders can usually plan and wait for the right moment to make their move.

In addition, most of these techniques are powerless once the PC leaves the premises. Fortunately there are solutions that solve this problem too. One is CompuTrace, a tracking system from Absolute Software Corp. In addition to providing an on-line inventory showing the assigned user and department, it causes each PC to contact a secure monitoring center on at least a weekly basis and report its location. In addition to simplifying the task of taking a physical inventory of computers, the system can track PCs if they are stolen. The stolen PC will secretly call the monitoring center through a modem or IP connection from an ISP or a network connected to the Internet from anywhere in the world. Once the PC makes contact with the CompuTrace monitoring center, CompuTrace recovery specialists work with private or public law enforcement officers to recover the stolen PC and apprehend the criminals.

Whatever the extent of PC theft in an organization might be, there are cost effective "best practices" that can be employed to reduce the threat to the bottom line. Despite the embarrassing nature of the problem, proven, effective actions must be taken to save the time and expense caused by the hidden costs of PC theft.

Want to use this article? Click here for options!
© 2008 Penton Media Inc.

This month in Access Control

• Opening Up About Door Closers
• An Enterprise Approach
• The Framework For Open Systems
• On A Higher Plane
• More from April's issue