One of the most common stupid user tricks is to leave a company laptop in a cab or in some mugger's blood-stained fist. Maybe someday there'll be a guy known as Putz Ventura, Laptop Detective, but right now I just don't see it. Sure, folks keep losing laptops faster than third-world countries are losing cute children to Hollywood adoption agencies, but is that really such an irreversible trend? A dab of common sense will do you.
So dig out your mobile security policies and skim down past Anti-Virus, Personal Firewalls, and Backups, and tack on a section called Theft Protection. When building this section, you're covering three basics: data protection (the device itself), hardware protection, and corporate exposure -- the easy ones first.
Data protection is a function of two basics: backup and encryption. Your network should take care of automatically backing up your workstations, both mobile and desktop, as long as they're plugged into the network. Even telecommuters running VPNs can be backed up this way, especially with the new remote access traffic technologies that Microsoft's built into Windows Server 2003 SP2 and Longhorn. For folks constantly on the road, simply supply either a USB hard disk or a big thumbdrive, depending on how much data those users tend to generate. And that brings us to encryption.
I'm amazed at how few folks use data encryption. It's native to OS X for the Mac users; it's going to be native to the Vista vegans, and for XP Pro pros, there are plenty of third-party disk encryption packages that range in cost from free to hundreds of bucks per seat depending on the platform. Me? I like something basic, such as Cypherix's Cryptainer, and a strong password. It's not fancy, but it works as well on a hard disk as it does a USB key.
For admins managing loads of seats, however, that password issue becomes more of headache. If you have the budget, my favorite is a token-based system or something biometric -- though both of these should be backed up by strong passwords, just in case. If your budget is smaller, however, a simple password management scheme will suffice. Fortunately, if you're on Vista, you can actually add that info to each user's Active Directory entry. Or skip that step and use a big spreadsheet; just make sure the info stays encrypted on a server, never on anything that'll leave the office.
That leaves hardware protection. Your laptop is lost, and you want it back. Frankly, this has never been a priority for me. As long as I know the data is protected, I'm happy to leave the hardware cost up to the insurance company. But for those who need their hardware recovered, lots of laptop companies are using CompuTrace's LoJack for Laptops. Or you can look into something along the lines of StuffBak, which is an intelligent hardware tracking service.
Worried about your burgeoning fleet of cell phones? Windows Mobile 6 will have you covered not only with native storage card encryption, but also with server-side features that let administrators wipe data off stolen cell phones remotely. Very sweet. Alternatively, there are mobile management suites (such as the one from Altiris) that'll cover more than the Windows platform. Just remember that Microsoft isn't the only company aware of mobile data security, so check upcoming releases before spending a large chunk of change for something you may be getting in a software update.
And last on the equipment list for your laptop loss toolkit is ... you. This is a topic that requires cooperation from users, and that means training from the IT department. Don't just make them aware of the problems; train them in the solutions. If that doesn't work, circulate a security memo promising huge financial penalties or even prison for users who lose their laptop. Then steal the worst offender's notebook -- just for a day. Cause one heart attack, and the rest will fall in line.