Mobile computing has revolutionised working practices in all sectors
and industries. The key tool enabling this change is the laptop computer.
The laptop has allowed employees to have maximum flexibility in the way
they work, with the positive knock-on effects of improved efficiency and
productivity.
However, for certain sectors these benefits cannot be realised because
of other impediments, the most crucial of which is security. The Ministry
of Defence, police, intelligence services and Central Government employees
are probably the most restricted of all sectors by the security implications
of mobile working. But these workers need to be flexible and responsive
in the way they work and to do this all relevant information, whatever its
security status, must be at their fingertips.
Many lessons appear to have been learnt since the outburst of negative
press coverage a couple of years ago surrounding laptop theft. Between 1996
and 2002 over 1,300 Government laptops went missing. Therefore, it is little
surprise that tabloid and broadsheet journalists alike had a field day.
The fact that much of the data stored on the machines was heavily encrypted
and almost impossible to crack was largely ignored. Instead attention focused
on more melodramatic angles, such as: how could people be so careless as
to lose such expensive machines? Or, why would anyone be so slipshod as
to walk around in public with a laptop that contained highly sensitive information?
However, as highly valuable equipment, laptops will always be a number
one target for thieves, yet the very point of having a laptop computer is
to enable mobile computing. The machine would be little more than an expensive
toy if it did not contain the data needed by the user to do his or her job.
More importantly, the users in these cases were reassured by the fact
that all the information contained on the laptops could be encrypted. As
former MI5 agent David Shayler stated in an interview with the BBC, “The
chances of a private individual being able to decrypt the information are
zero. The sun is more likely to melt.” However, Mr Shayler made one
further astute comment which questioned whether the laptop users had made
sure they had encrypted their data.
Some encryption programs have relied upon the laptop user actively opting
to encrypt the data. When the user does so, the information is often safeguarded by encryption
software that, it is commonly held, would take a hacker a billion years
to crack using the world’s entire processing power. However, the necessity
for the user to proactively choose to encrypt the data leaves a massive
hole in security management.
An alternative approach focuses on the hard disk, or “security hub,” where
all the information is stored. If every piece of data written to the hard
disk is automatically encrypted by a separate hardware device, then the
security risk is dramatically reduced.
But what about the user? Many current security systems require the use
of two passwords. Both passwords are relatively long and randomly generated.
While efforts are made to help the user remember
these passwords, the mental discipline of remembering two nonsensical passwords,
each 6-12 characters long, is a tall order. In such circumstances the user
is extremely prone to physically noting down the passwords rather than committing
them to memory: a fundamental security flaw.
Therefore, new systems of security management should be adopted that mix
password protection with other forms of security, such as radio frequency
smart cards or other tokens. By combining the two, a far higher level of
security management can be achieved.
These steps are all ones that can be taken today. The challenges will be
to focus on the threats of tomorrow. While the main tool for mobile computing
today is the laptop, other devices such as mobile phones and PDAs are rapidly
entering the fray. As their levels of sophistication and value grow, so the
confidentiality of stored information and general security management will
also have to be improved.