CALIFORNIA COMPUTER THEFT ON THE RISE AT UNIVERSITY of CALIFORNIA DAVIS CAMPUSThe California Aggie
Computer theft a recurring issue on campus

Risk Management Services and Information and Educational Technology combine efforts to rectify the problem

By BRIAN CHEN / Aggie News Writer

Posted 12/02/2004


Aside from bicycle theft, computer theft has also proven to be common at UC Davis, as approximately $50,000 worth of computers were stolen from campus in 2003, according to the UC Davis Police Department's annual crime and statistics report.

This total does not include the Medical Center and UCD's extension center in Sacramento, of which $53,150 and $57,967 worth of computers were stolen last year, respectively.
UCD's Risk Management Services is a department that offers insurance to cover theft incidents as well as provisions to ensure that the school does not suffer from severe losses.

"Insurance is just a means to make sure you're reimbursed if you have the loss, but the very best thing is that you don't have a loss at all," said Deborah Luthi, director of RMS. "We look at things such as, what exposure do you have to loss? What kind of controls can you put in place to make sure you don't have a loss?"

Luthi estimated that on average, about 12 computers are stolen from campus each year.

RMS suggested provisions such as making sure that campus facilities keep doors locked, have key control and utilize password protection.

Bob Ono, Information and Educational Technology security coordinator, said the larger problem with computer theft is the personal information contained on computers. In light of this, IET is developing a set of minimum security standards to kill two birds with one stone -- to increase protection of the information stored on computers as well as the computers themselves.
"Identity theft has recently become a nationwide issue," Ono said. "Personal information on a computer should either be encrypted or stored on a secured portable device. Thus, should the computer be stolen, the risk levels for discovery of the personal information remain low."

The security guidelines are still in a rough stage of planning, but Ono said they would probably be similar to the minimum security guidelines implemented in UC Berkeley.

At UCB, the minimum security standards require that on-campus computers automatically "lock" every 20 minutes when not in use. That is, a user and password authentication box will pop up if the computer is idle for 20 minutes. This ensures that no personal information is stolen from a user who left his or her username logged on.

Other provisions in UCB's guidelines include physically locking the cases of a computer and protecting the computer with a cable-type security lock.

Currently at UCD, computers within labs or stations are protected in a similar fashion. Irremovable police "tattoos" are grafted onto desktop computers, making them easily identified as stolen and thus unmarketable. Security cables are also wrapped around desktops to prevent them from being removed.

Aside from computers belonging to the university, students can report their computers stolen to the campus police department. With a student's written consent, the UCDPD submits the information contained in a report to IET's security council.

IET can then run a trace to see if the thief is connected to the campus network. If a connection is confirmed, IET informs the police department to take further action.

"I think we've got a campus that's growing," Luthi said. "It just calls upon all of us to be good risk managers and good stewards of the university's property."



BRIAN CHEN can be reached at campus@californiaaggie.com