14 DAY TRIAL // The most basic form of protection for a mobile computer system is to enable password-based access to its content, but a recent report shows that about a third of the Windows users included in the sample base do not apply this minimum security measure to their laptops.
Since these devices offer mobility, it goes without saying that there is a greater chance of losing or having them stolen. Should this unfortunate event occur, a password could sometimes act as a powerful deterrent for unauthorized third-parties to attempt reaching personal information stored on the machine.
A large number of security-aware users leave laptops completely unprotected
Most of the times, a thief is after the computer system itself, but they may also check if additional information can be obtained before erasing the storage and preparing it for a new owner.
Cases where personal information from a stolen laptop appeared online or, if it was valuable enough (personally identifying data, financial info), sold on underground forums, are not rare.
Despite such risks, almost 29.3% of the users selected for a study conducted by OPSWAT did not have their mobile computer systems protected with a password. The data included is the most recent one gathered between May 1, 2014 and October 1, 2014, from about 4,500 users, considered to be representative of the market.
OPSWAT collected the information through its GEARS product designed for monitoring the current state of the device and improving overall security. This means that users responsible for the statistics are not totally oblivious to the dangers lurking both offline and online, and realize the risk an unprotected asset is exposed to.
According to the company, these individuals “are more likely to have high-functioning security on their computers than would be seen in the market as a whole.”
“Having a weak OS password or none at all is like having your front door unlocked. It’s basically an invitation to the world to come in and do whatever they want,” said via email Bitdefender Chief Security Strategist Catalin Cosoi.
Tech-savvy thieves know how to reach hard disk info
For me, the reason for not placing a lock on a laptop, even as feeble as the password may be considered these days, is not exactly easy to understand, especially in the case of the users providing the data for the study, which included participants from corporate environment.
For a more technical-savvy thief, a password does not stand in the way of reaching the information stored on a laptop; booting into a different operating system is enough to get to browsing the stolen files, rendering the password completely irrelevant.
So, why make it absolutely no challenge for the less technical crooks to peruse personal or corporate information?
Data breach notifications emerging as a result of a stolen laptop are quite common, and there are sufficient instances where no password protection was available, leaving sensitive customer details exposed.
No reports of data misuse had emerged at the time of the disclosure, but this does not mean that the info had not been harvested and stored for later use, when everything cooled down.
Increased security starts with a password
Encrypting the files on the storage units is on the checklist of practices for responsible handling of sensitive data, and this would prevent information leaks, but not all individuals adhere to them.
On Windows, the operating system with the largest market share, there is BitLocker, a technology that encrypts the hard drive, specifically for data protection reasons if the device falls into the wrong hands.
Guess what? A password is needed to benefit from this feature. Some may argue that a physical token can be used to unlock the computer, but if that is lost, damaged or stolen, BitLocker’s fallback plan still involves providing a password.
So, in lack of an education to use a countersign to protect the computer device, a user is less likely to adopt improved security practices later on.
The study from OPWAT does not inform whether the 70.7% of the users restricting access to the laptop with a password also had encryption turned on, but I would not be surprised if less than 1% did it.
I owe this pessimistic figure to the fact that BitLocker is present only in some editions of Windows, be they Vista, 7 or 8. All Enterprise flavors have it included, and in the case of the older OSs it is also available in Ultimate edition, while users of Windows 8 benefit from it in Pro version.