Laptops

10 things you should have already done to secure your laptop


There are a lot of reasons to make sure that your laptop stays secure -- both from a physical perspective as well as a software/data perspective. From the physical side, laptop theft isn't generally considered a positive event -- at least from the victim's perspective. From the data side of the equation, however, losing the wrong laptop can cost your company much more than the cost of laptop. Imagine the public relations fallout if your company loses a laptop containing private information about all of your customers.

This 10 Things describes steps that you can take to protect your laptop. Not all of the steps will necessarily apply to you, but they should all be considered in any comprehensive protection plan.

This blog post is also available in PDF form as a TechRepublic download.

1: Encrypt the hard drive

Scenario: You're in the airport and you lose your laptop or it's stolen. Said laptop contains your entire customer database along with personal information about each of them. Voila! Instant public relations incident -- except it is not the kind of PR that you want. Protect yourself from this kind of problem by encrypting your laptop's hard drive.

If you're using Windows Vista, consider using Vista's BitLocker drive encryption software. If you're using Windows XP or another operating system, there are a number of third party full-disk encryption products available on the market.

Although you can use EFS (Encrypting File System) to achieve a similar goal, full disk encryption provides better protection as everything on your disk gets protected and you don't have to worry about saving files to a particular location.

For more information about hard drive encryption, see the following TechRepublic resources:

2: Install tracking software

Protecting data is extremely important but if your laptop is lost or stolen, you probably want it back. To this end, install software on your computer that tracks its location should it ever be lost or stolen. Most laptop theft recovery software installs to an undetectable location on the laptop and the software cannot be erased from the system.

Each time the computer connects to the Internet, it reports in with the software manufacturer. In the event that the computer is reported to the recovery software company as stolen or missing, the company tracks down the physical location of the laptop and then notifies the authorities. In many cases, the hardware is actually recovered. However, even if the laptop is recovered, you can't be sure that the thief didn't compromise your data.

Some tracking software includes the ability to remotely delete information from the laptop as well. This feature can be a lifesaver if a laptop with sensitive information is stolen. With this capability, you'll be able to delete potentially sensitive information before it falls into the wrong hands.

Here are a couple of TechRepublic resources to aid you in making the justification for tracking software:

3: Install antivirus and antispyware software

The two pronged antivirus/antispyware software blaster will do far more to protect your assets than a single application that handles only virus-busting. These days, spyware is probably a worse problem for many organizations then viruses were in their heyday. Many spyware infestations install keylogging software and other kinds of monitoring software designed to gain access to private information. Laptops can be especially vulnerable to spyware since they often spend time outside the organization's protective firewalls.

4: Tie down the machine with a lock (hardware or software)

Even those employees that are issued laptops don't always carry them every place they go. As such, there are times when laptops are sitting in employees offices, in hotel rooms, at home, etc. There are numerous documented cases of laptops containing sensitive information being stolen from homes, airports, hotels, and even people's offices. If you're traveling or using a laptop at home, consider taking a security cable and lock (such as a Kensington lock/cable combination) with you that you can wrap around a table leg. Although a solution like this will not completely prevent laptop theft, most thieves go after easy targets. Any roadblock you can put up will deter would-be thieves.

5: Install a software firewall

A software firewall goes a long way toward protecting a system. Such software keeps unwanted traffic away from your computer. However, not every system necessarily needs a software firewall. If you need to pick target systems on which a software firewall will be used, seriously consider laptops in your plans.

As I mentioned before, laptop computers often spend time outside your company firewall, meaning that they lose the important protection of those devices. Especially if you're out in the wild using an unsecured wireless network, a firewall will help to keep your computer from being subject to attack.

Some TechRepublic resources:

6: Stay current with updates

Even though they come frequently and can be a hard to keep up with sometimes, staying current on all of your installed software is critical. A number of patches are designed to correct bugs that result in vulnerabilities that can be exploited. Implement an automated system such as WSUS or, at the very least, configure your laptop for automatic updates so that patches are applied as they become available.

7: Use a strong password

Passwords remain the most common way to secure resources, including laptop computers. Again, since laptops are often in the wild, it becomes even more important to use a strong password to lessen the risk that a local account is compromised. Make sure that all local accounts are appropriately secured, including the local Administrator account.

8. Use wireless networks carefully

Wireless networks are everywhere -- from Barnes and Noble to Starbucks, and even McDonalds. In most of these cases, even though you often have to sign up to use the connection, the wireless service is insecure meaning that anyone within range of your laptop can pick up everything you see, do and type. Obviously, this is not good.

If you're working from one of these locations and find it necessary to work on something sensitive, try to connect to your organization's VPN service and do your work via that connection instead. With the right kind of VPN in place, traffic between your laptop and your organization's network will be encrypted. If information security is a critical concern, only use wireless networks that are secured with WPA or WPA2. This isn't a perfect solution, but is much better than using only WEP.

9. Disable Windows services you don't need

Every service that runs on your laptop increases the attack surface of your computer, especially services that listen on particular ports. To help further protect a roving laptop, disable any services that you don't need to do your job.

TechRepublic has a number of resources available to help you complete this step:

10. Make sure your laptop is insured

This one is easy: When all else fails and your laptop is stolen, you will probably need to replace it.

About

Since 1994, Scott Lowe has been providing technology solutions to a variety of organizations. After spending 10 years in multiple CIO roles, Scott is now an independent consultant, blogger, author, owner of The 1610 Group, and a Senior IT Executive w...

5 comments
unclekinheaven
unclekinheaven

is ok, but what if you give your computer or laptop a strong pass word and eventually forget the password how do you do it to make you use your laptop

ALWILSON
ALWILSON

Good article. Encrypting laptop & location tracking software. Good tips...

jamie
jamie

A stolen laptop is usually traded to a fence or a drug dealer for money or "product". If the laptop looks like it has financial information on it, it will likely pass through the hands of an identity theft ring too. A recent, powerful laptop usually goes for an "eight ball", or 1/8 of an ounce of cocaine or meth (approx $200). Older ones get a 1/16 ounce (or a teenager in street talk). These people are not particularly sophisticated. Chances are if the unit has good software on it, it will not be wiped, since the crooks hate reinstalling windows as much as we do. A few suggestions come to mind: Use the boot password feature that is likely already there in your laptop BIOS. It usually prevents anyone from re-using the hard disk or the laptop unless they follow a complex process of defeating the security chip that most laptop makers put on the motherboard these days. That makes your "eight ball" now worth $20. Make sure you sprinkle clues to your identity in various places around your hard drive. Then if somebody suspects the providence of a laptop and they look around and find your contact information, you may get it back. You can optimise your "user persona" with an eye towards minimizing damage, denying value to the thief, or maximizing recovery. The BIOS password covers the first two objectives, while the sprinkling contact info might help you get the unit back. An ideal setup (for the recovery scenario) would include tracking software, a BIOS password that you only had to enter to change-out the hard drive, and a default account that doesn't require a password that lets the user get at Microsoft Office, a browser, and all the cool games. (Sensitive stuff would live under another user identity, with a password, etc.) Enable the password-free user install more software, too. Then if your system is stolen, chances are the system disk won't be wiped, nobody will notice the password for BIOS/disk changes, the drug dealer will claim the laptop for his personal use. Based on your theft report & tracking software, the Guys in the White Hats will get a warrant, raid the place, and roll up several criminal organizations at once. You get your laptop back and a sweet feeling of revenge.

mazinoz
mazinoz

If you are an IT person you should already know how to overcome a BIOS password in both a desktop and a laptop.

speculatrix
speculatrix

it's fairly trivial to personalise the startup and shutdown screens on windows - simply create a banner page with "this laptop is property of XXXX, call 555 6666 to report it lost, stolen or recovered - reward if returned" offering a reward for the return if someone happened to find it might be more convenient than fighting a theft and insurance claim!