Following the theft of 11 laptops from its financial and accounts department this year, Investec has reviewed its physical security environment.
Investec CIO Simon Shapiro told delegates at ITWeb`s IT Governance conference in Midrand last week that the incident revealed the inadequacy of standard security measures.
"We were not worried about the value of the laptops, which would have been only about R10 000 each, but rather about the value of the information that was on them," he said.
Shapiro said the laptops "may" have contained highly sensitive and important information, but stressed that each machine was password-protected and none contained any information pertaining to clients` activities or finances.
Nine of the machines have been recovered, untouched, by police, who found them in a Johannesburg informal settlement, he noted, adding that he is confident the machines were not compromised since the hard drives had not been removed.
The laptops were stolen during two incidents in the run-up to the May release of Investec`s annual financial results, said Shapiro, adding that "Investec was rolling out a revised laptop security policy" at the time.
"We are convinced that this was commercial crime and not industrial espionage."
Shapiro emphasised that security measures were in place, including physical locks, password protection, completely encrypted hard drives, personal firewalls and wireless card set-ups preventing simultaneous access to the corporate and public networks.
However, the computers were broken out of their locks, he said.
After the first incident, Investec conducted its own forensic investigation, as well as hiring professionals. Physical security procedures were reviewed and enhanced.
For example," he said, "we had stepped up surveillance within our buildings and further advised staff to lock away their laptops."
Share
