I am being asked more and more about how busy professionals can protect the business critical and often sensitive information they carry around on laptop and netbook computers.
The simple solution to this problem is to encrypt the laptop disk drive so that only the owner of the computer can access the data.
Most computers have a password which is used to prevent access to the software, applications and data in a casual fashion. Passwords, and particularly strong passwords are a vital component in preventing unauthorised access to information and applications. However, they only protect systems that remain in the physical possession of the owner.
Once physical possession is compromised, as in the case of a lost or stolen computer, then there are ways of bypassing the logical access controls imposed by usernames and passwords. Such bypass techniques can be as simple as using software to reset or brute-force the password, or even just removing the hard disk drive from the machine and plugging it in to another computer.
This can be a particular problem in the case of mobile computers and laptops, where the opportunity for loss or theft is far greater than machines protected by a secure physical environment.
Encryption of the hard drive can protect against the dangers highlighted above. It means that, in effect, if the computer is lost or stolen, the data cannot be accessed by the new owner without the password or pass phrase used to perform the encryption. In addition, where whole disk encryption is utilised, the system cannot even be started unless it is completely reinstalled – overwriting any data on the disk drive.
Encryption of the hard drive will also provide your organisation with significant protection against legal and regulatory compliance penalties should a computer containing sensitive business, financial or personal data be lost or stolen.
In the UK the Information Commissioner’s Office (ICO) has the power to fine organisations who lose or have stolen computers containing personally identifiable information (PII) under the Data Protection Act.
Similar legislation exists across the European Union and in most US states.
So if you want to protect your mobile computers and laptops, or even your office based computers should you feel the need, then get your local IT guys to look at encrypting all of your organisation’s laptops.
If they can’t help you or you don’t have your own IT team speak to a local IT services provider or IT security company. They will be more than happy to go through your requirements and help you decide on the best solution for your business.