Not all attacks on your organisation's data come across the network. It's imperative companies remember that maintaining an "iron-clad" network security program doesn't immunise them against the physical assault or theft of data and the networked resources that contain that data. Nothing emphasises this point more than the recent identity-theft incidents at ING and the Department of Veterans Affairs, both of which began with the theft of a company laptop.
The full article is here:

http://insight.zdnet.co.uk/internet/...9277967,00.htm