WASHINGTON BOEING REACTS TO STOLEN LAPTOP COMPUTER BY ANNOUNCING NEW SECURITY MEASURES The Seattle Times: Business & Technology: Boeing message to employees about stolen laptop and security procedures:

Boeing message to employees about stolen laptop and security procedures

Boeing News Now for December 13th

Dec. 13, 2006 – Morning

Boeing responds to data loss affecting current and former employees

Employees affected by this personal data loss are being offered free three-year memberships in Experian's Triple Advantage credit-monitoring program. Triple Advantage will identify and notify users of any key changes that may be a sign of identity theft. The membership includes:

A report from all three national credit bureaus when you sign up
Unlimited access to your Experian credit report and credit score
Daily monitoring of all three of your national credit reports
E-mail or text alerts when key changes are identified
$50,000 identity theft insurance provided by Virginia Surety Company Inc.
Access to fraud-resolution representatives.

Affected individuals who are personally notified by Boeing must activate their own membership by April 15, 2007. The promotional codes used to activate the credit-monitoring membership expire on that date.

Employees who were affected by a previous personal data loss and have already activated a credit-monitoring membership do not have to re-enroll. Their memberships will automatically be extended a year for a total of four years from the original activation date.

Employees who were affected by a previous personal data loss and did not activate a credit-monitoring membership will be treated as newly affected individuals and offered three years of credit monitoring from the date they activate.

When a similar incident occurred last year, Boeing implemented a three-phase plan aimed at better protecting employee information:

We have taken significant steps to replace individuals' Social Security numbers with other identifiers wherever possible, and much progress has been made.

We also required the removal of personally identifiable information from the hard drives of Boeing computers and required confirmation that the removal had been completed. We've ensured software to encrypt data was installed on computers for those few occasions when data needs to be downloaded, and trained all employees who deal with personally identifiable information to ensure the policy, requirements and processes were understood. This new incident resulted from violation of our requirements.

The third phase of the plan is automatic encryption of all information on Boeing computers. This phase began this month and is a requirement for all Boeing computers, beginning with those of employees who work with personally identifiable information and other Boeing proprietary information.

"We deeply regret that the information you entrusted to Boeing was compromised," said Rick Stephens, Boeing senior vice president of Human Resources and Administration. "Safeguarding the personal information of our employees remains a priority for Boeing, and we will continue to strengthen our policies and provide tools to stop this from reoccurring. This instance reiterates the need for every employee to use the encryption tools and resources correctly, from making the decision to place information on the laptop, to proper encryption and then disposal of files."

Since this is a personnel matter, Boeing can make no comment regarding the employee. Upon completion of the investigation, appropriate corrective action will be taken as warranted.

Protect your Boeing laptop and the information on it - http://boeingnews.web.boeing.com/archive/12_06/121306/061213a_protect_p2.html

Even knowing the significant risk of data loss, some Boeing employees are still leaving their laptops in the car when they run errands and participate in activities. Security has investigated cases where the laptop wasstolen after it was left in the car when employees went to concerts, movies, shopping, the gym, etc. In most cases, employees made the mistake of putting their laptops, purses and other items in their trunk in plain view of people who case these venues looking for opportunities.

Boeing policy requires laptop users to take "reasonable measures" to protect their laptop and any information not intended for public release it may contain.

Reasonable measures for employees traveling or transporting a laptop off-site: Keep your laptop under your control at all times, especially in airports, train stations and other transit venues. Pay attention to your surroundings to ensure that unauthorized persons can't view your screen when you are working off-site.

It is recommended you do not leave your laptop unattended in your car. However, if you must leave it in your car, do so only for a short time and be sure to lock it in the car trunk when you first get in your car – and never leave it on the car seat. Be aware that transferring your laptop to the trunk at the place you park is not a good idea, as the thief could be watching and know exactly where you left your laptop. If you take your laptop home, do not leave it in the car overnight.

If you cannot take the laptop with you when leaving your hotel room, lock your laptop in the room safe (if it is available and is large enough). Otherwise, use a cable lock (see below for information about how to order a lock) to secure your laptop to a stationary object in the room.

Be sure to encrypt all sensitive information, and/or your entire hard drive, using Boeing approved encryption software. The encryption software is downloadable from Software Express and the Desktop & Laptop Protection Web site.

If, within the scope of your job, you have access to any personal employee information:

Ask your manager if you have approval to copy information from a secured server and save it to your laptop in order to work on it.

Determine, with your manager, if there is any situation where you would take that information off-site (e.g., home, travel) to work on it.

Check with your manager to see if any special controls must be implemented to securely transport or store your laptop and associated media or documents.

When traveling internationally:

Be sure to coordinate with Global Trade Controls (Export Management) for appropriate licenses. If available in your location, use a loaner or "clean" laptop from a Laptop Service Center (link below), especially for international travel. Load only the information you need for travel. With a clean laptop, you don't have to spend time trying to locate all the sensitive files that need encryption on your own laptop, which may be quite difficult. You can save and encrypt any sensitive information needed during travel on the loaner laptop.

Even when you are at a Boeing site, you should:

Log off or activate a password-protected screen lock before leaving your laptop unattended (even for just a moment). It is recommended that you not leave your laptop unattended for any length of time unless it is locked in a drawer, cabinet or office, or secured with a cable lock.

Always lock your laptop in a cabinet, drawer or office prior to leaving it unattended for more than a short time (e.g., when leaving to attend a longer meeting or to go home for the day).

Removable media (e.g., CDs, thumb drives, etc.), PDAs (Personal Digital Assistants), and BlackBerries are capable of containing enormous amounts of information. They are also easily lost or stolen . The number of BlackBerries and cellular phones lost in airports and taxis is reported to be very high. Users must be cautious about storing sensitive information on these devices and keep them in their possession at all times, or locked in a cabinet or desk.

The company standard encryption software can be used to protect sensitive information on removable media. See the Desktop & Laptop Protection Web site for software solutions for media data encryption and the Kanguru AES Encrypted USB 2.0 Flash Drive hardware devices. Note: When information on the media is encrypted using the company standard encryption software, thecomputer that originally encrypted the media may be required to decrypt the information.

Company standard file encryption is not yet available for protecting information stored on PDAs. BlackBerry users should be using Advanced Security to encrypt e-mail containing information that requires enhanced controls (see link below). Before traveling outside the United States, BlackBerry and PDA users need to coordinate with Export Management regarding use of these technologies in the country where they will be traveling.