Losing a mobile device is easily done

The hard drive was bought as part of research into what happens to lost or stolen laptops.

It contained information including pension plans, dates of birth and home addresses of customers.

The research was conducted by security firm Pointsec Mobile Technologies.

Easily read

The hard drive in question was purchased on eBay. As well as customer information, it contained personnel details such as payroll records and login codes for the secure intranet site.

KEEPING INFORMATION SECURE Security needs to be put on all mobile devices by IT departments Access control and encryption should be mandatory Set up a mobile use policy Use hard-disk encryption

If exposed, it could have had serious consequences in terms of customer confidence as well as affecting the share price and legal position of the company.

In total Pointsec purchased 100 hard drives and laptops on internet auction sites to find out how easy it would be for criminals and opportunists to get their hands on valuable company information.

Seven out of 10 hard drives could be read easily despite being supposedly wiped clean.

PowerPoint presentations

Pointsec also investigated the life-cycle of a lost laptop. It found that PCs lost at airports or handed into the police were routinely resold with all the information still on them if they were not reclaimed within 3 months.

At one of the auctions used by the lost property department at Gatwick Airport, researchers were able to access information on one in three laptops using simple password recovery software.

Something as simple as a hard disk drive password can deter the opportunist Tony Neate, National Hi-Tech Crime Unit

On one machine researchers found 15 Microsoft PowerPoint presentations containing sensitive information on a well-known food manufacturer.

They also accessed customer and company information and private photographs.

"Our research has found just how easy it is to purchase second-hand or lost laptops at public auctions as well as hard drives over the internet and easily access the information on them," said Peter Larsson, chief executive of Pointsec.

"There are dozens of websites which offer password cracking software or recoverable software which criminals, hackers and opportunists use when they want to break into laptops or websites," he added.

Pointsec has been contacted by companies which have been targeted by criminals threatening to go public with information gleaned from stolen or lost laptops.

"Security measures are vital to ensure that security is not compromised. Something as simple as a hard disk drive password can deter the opportunist," said Tony Neate, Technical Industry Liaison at the UK National Hi-Tech Crime Unit.