Endpoint Security: How to Protect Data on a Laptop

By Ronald Pacchiano | Posted April 13, 2010

Losing a laptop, whether accidentally or by theft, is a traumatic event. But the pain of buying a new computer pales in the face of losing the data from an unprotected laptop. A few simple steps toward data protection can avoid an invasion of your privacy and the real likelihood of identity theft.

Do you think it won’t happen to you? According to a report published by the Ponemon Institute, more than 12,000 laptops are lost at United States airports every week. Approximately 40 percent of these laptops are left at security checkpoints, while another 23 percent are left at the boarding gate.

In most cases, the recovery rates of lost laptops are very low -- almost 70 percent of lost laptops are never reclaimed. The survey goes on to say that 53 percent of the business travelers surveyed carry sensitive information on their laptops, and 65 percent of those travelers have not taken steps to protect their laptop.

Here's the good news: each and every one of us has the means to minimize the loss associated with losing a laptop. The tools are readily available, and in many cases they’re free. Let’s take a look at some of the steps you can take right now to avoid a catastrophic data loss.

Set a BIOS Password

Most laptops let you set a boot password in the BIOS that will prevent the PC from booting if someone enters the wrong password numerous times. This is not an incredibly robust security deterrent, but it should stop the average person.

Set a Windows User Account and Administrator Password

The Windows operating system makes use of two main accounts: the administrator account and your user account. Each of these accounts needs its own unique password. This will prevent anyone from accessing your personal data or attempting to get around that protection via the administrator account.

These security settings are harder to bypass than the BIOS password and are managed via the operating system. You can also assign an account lockout to your user account. After an unauthorized person fails to enter the correct password a certain number of times, the account is disabled automatically. Once the account is locked out, it stays that way until an administrator unlocks it.

IMPORTANT: Your BIOS password and your Windows password should NOT be the same. If they are, then what’s the point of entering them twice? Each one needs to be unique and should follow established password guidelines. Read "Don't Fall Prey to Lazy Password Practices" to learn more about choosing strong passwords.

Biometric Scanners

An alternative to passwords is biometric security, which includes things like retinal scanners, facial recognition technology and fingerprint readers. Many laptops are equipped with fingerprint readers and if yours is so equipped, do yourself a favor and use it.

While each of these security measures adds a layer of complexity to your system, they’re really only a deterrent for someone with average to moderate technical skills. In fact, with the right skill set, tools and utilities, these measures can be circumvented pretty easily. That doesn’t mean you shouldn’t use them. It just means you should understand that these don’t make you invulnerable.

Hardware Encryption

The most effective way to protect your data is to encrypt it. On an encrypted drive, the data remains encrypted even if the drive is moved to a different system entirely. Depending on the level of encryption you implement, it would be almost impossible for someone to recover your data without the key used to decipher it.

Without question, encryption offers users the best protection against data theft and I would highly recommend you encrypt your entire hard drive. So how do you do it? Let’s take a look at two of the more popular programs available.

BitLocker Drive Encryption is a full disk encryption feature included with the Ultimate and Enterprise editions of Microsoft's Windows Vista and Windows 7 desktop operating systems. You can use BitLocker to encrypt individual partitions, entire drives and even USB flash drives. It uses the AES encryption algorithm and takes advantage of the Trusted Platform Module (TPM) found in many of today’s laptops.

This maximizes security by eliminating the possibility that someone might circumvent the Windows boot process. If you’re running a version of Windows that supports BitLocker, and you'd like to learn how to use the feature, read "Increase Laptop Security with BitLocker."

If you run a version of Windows that doesn't include BitLocker, you need to use a third-party encryption program. There are many available, but one of the most popular is TrueCrypt, which supports Microsoft Windows (both 32- and 64-bit versions), Mac OS X and Linux.

TrueCrypt supports a total of 11 different algorithms, and can encrypt the boot partition, an entire drive or a USB flash drive. It even has the capability to create and run a hidden encrypted operating system. The user interface is a bit sparse and not overly intuitive, but if you study it a bit you’ll figure it out.

The TrueCrypt site is also packed with extensive documentation that does a tremendous job explaining just about everything you’ll ever need to know about encryption and the encryption process: a Beginner’s Tutorial, defining each of the algorithms available, the benefits of hidden volumes, erasing signs of the encryption process and so much more. Best of all, it’s free.

The benefits of encryption can’t be denied, but it does come at a price. The process of encrypting and decrypting data can be very hardware intensive, particularly on older systems. Should you discover that your PC is running too slowly when using entire drive encryption, try encrypting only a portion of your drive. This should speed things up a bit.

The disadvantage to this approach is that sensitive data can accidentally be stored outside the encrypted area. However, using a partially encrypted drive is better than no encryption at all. The other important thing to remember is that once you encrypt your data you CANNOT access it without the password. If you lose or forget that password, then you might as well consider that data lost. So be responsible with your password.
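A read-only check of two settings recommended above, the account lockout threshold and drive encryption coverage, as an added example that is not part of the original article. It assumes an elevated PowerShell prompt, an English-language Windows (for the `net accounts` label) and the BitLocker PowerShell module that ships with Windows 8 and later, which is newer than the Vista and Windows 7 editions named above; the function names are illustrative.

```powershell
# Added example: read-only audit, changes no settings. Function names are illustrative.

function Get-LockoutThreshold {
    # 'net accounts' prints the local account policy. The label matched here
    # assumes an English-language Windows installation.
    $line = net accounts | Where-Object { $_ -match '^Lockout threshold' }
    if (-not $line) { return $null }
    $value = ($line -split ':', 2)[1].Trim()
    if ($value -eq 'Never') { return 0 }   # 0 = accounts never lock out
    return [int]$value
}

function Get-VolumeEncryptionReport {
    # Get-BitLockerVolume ships with the BitLocker module (Windows 8 and later).
    foreach ($vol in Get-BitLockerVolume) {
        $hasRecovery = $false
        foreach ($kp in $vol.KeyProtector) {
            if ($kp.KeyProtectorType -eq 'RecoveryPassword') { $hasRecovery = $true }
        }
        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            Status           = $vol.VolumeStatus
            Protection       = $vol.ProtectionStatus
            PercentEncrypted = $vol.EncryptionPercentage
            HasRecoveryKey   = $hasRecovery
            # Covered only when fully encrypted AND protection is switched on.
            Covered          = ($vol.VolumeStatus -eq 'FullyEncrypted' -and
                                $vol.ProtectionStatus -eq 'On')
        }
    }
}

$threshold = Get-LockoutThreshold
if ($null -eq $threshold) {
    Write-Warning 'Could not read the lockout threshold from net accounts.'
} elseif ($threshold -eq 0) {
    Write-Warning 'Account lockout is disabled: password guesses are unlimited.'
} else {
    Write-Output "Accounts lock after $threshold failed logon attempts."
}

$report = @(Get-VolumeEncryptionReport)
$report | Format-Table -AutoSize
foreach ($v in $report | Where-Object { -not $_.Covered }) {
    Write-Warning "$($v.MountPoint) is not fully protected; files saved there are readable if the laptop is lost."
}
foreach ($v in $report | Where-Object { $_.Covered -and -not $_.HasRecoveryKey }) {
    Write-Warning "$($v.MountPoint) has no recovery password protector; there is no fallback if the normal unlock method fails."
}
```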

Remember, you have all the tools you need to secure your laptop, so use them! No one thinks it will happen to them, but as the statistics show, it’s not just possible -- it's probable. Should that day come, your loss will never lead to anything more than the cost of the laptop itself.  

Ronald Pacchiano is a contributing writer for SmallBusinessComputing.com.
