Laptop Security and Data Protection

Over 2 million laptops are reported stolen each year in the U.S., and thousands more are misplaced or left in hotel rooms, restaurants, airports, cabs or coffee shops. The hardware losses are estimated at over $2 billion, and the associated data losses are estimated at over $7 billion.

Most criminals target laptops to make a quick profit by selling the hardware on the black market, but around 5-10% (and growing steadily each year) of laptops are targeted by criminals intent on selling the data.

Research from the Ponemon Institute found the cost of a breach in laptop data to be about $165 per lost customer record. When multiplied by the number of records contained on the laptop, the total cost of a breach can easily reach hundreds of thousands or even millions of dollars.

Additionally, organizations involved in the loss of sensitive customer or employee information face potential violation of more than 20 state and federal privacy-disclosure laws and possible criminal penalties, not to mention the potential damage to the organization’s reputation.

The following security best practices can help reduce the risk of laptops and data being lost or stolen.

Basic Laptop Security Tips

Most people believe that laptop security is purely a technological issue. A huge percentage of laptop thefts and sensitive data loss is due to human error. The following laptop security precautions can significantly reduce the chances of your laptop being lost or stolen:

• Keep your laptop out of sight. Thieves can’t steal what they can’t see. Laptops should be safely tucked away in a locked drawer, hotel safe, under your bed, in the trunk, or in its bag when not in use.
• Choose a generic carrying case. Keep carrying cases as basic as possible. An appropriately padded backpack, courier bag or briefcase will help protect a laptop.
• Keep the laptop close. Remain in physical contact with the laptop at all times. This includes when presenting at or attending business meetings or workshops. Treat it as if it were several thousand dollars in cash.
• Label and tag the laptop and accessories. Make sure everything is labeled or engraved conspicuously.
• Communicate employee responsibility for the laptop. Have a clearly written and communicated laptop security policy that states the employee’s responsibilities and expected security precautions.

Storing Sensitive Data on a Laptop

One of the easiest ways to protect sensitive data is to only store information on the laptop that is absolutely necessary. If sensitive files, documents or data are not needed by the laptop users, they should not be stored on the laptop.

Also, consider how information is classified. Classification is an important loss control technique that defines how the information is protected, who can access it, where it can be stored and when it is destroyed.

Physically Securing a Laptop

Nearly every laptop manufactured within the past few years is equipped with a Universal Security Slot (USS) which allows it to be cabled to a sturdy or immovable object. While this will not stop a determined thief with bolt cutters, it will deter the casual thief who commits crimes of opportunity.

Another device that can help secure a laptop is a motion-detection alarm. These can be obtained from most computer supply stores.

Organizations can also purchase software that makes it possible to locate a stolen laptop. This hidden software contacts a monitoring center each time the laptop goes online. When reported stolen, the monitoring center can assist police in locating the laptop.

Almost 40% of laptop thefts occur in the office. Laptops should be securely locked into a docking station that is permanently affixed to the desktop. When leaving a laptop in the office for extended periods of time, store it in a lockable drawer or filing cabinet.

Protecting Laptop Data

Laptop data protection begins with password protecting the basic input/output system (BIOS). Contact the laptop manufacturer for the procedure for resetting the BIOS password. Also, find out if the BIOS password locks the hard drive so it can’t simply be removed and reinstalled into a similar machine.

Other laptop data protection methods include:

• Using a personal firewall on the laptop to prevent intruders from hacking into the machine via an Internet connection
• Considering services that can remotely erase all of the data from the stolen laptop’s hard drive the next time it goes online
• Using biometric access control devices, such as integrated fingerprint readers found on some laptops
• Using portable USB devices if your machine doesn’t have an integrated biometric authentication system

Encryption is another way to protect sensitive files or documents. There are a wide variety of products an organization can purchase to password-protect its information; operating systems integrate encryption at the file and folder level.

This level of encryption is typically enough to protect data from the eyes of another user or a common thief, but if the data is extremely confidential, you will need to get a more powerful encryption product.

Always back up the laptop before traveling or extended off-site use that may put data at risk. The backup utility that comes with most operating systems can be used to create backups on external hard drives, CD-Rs, DVDs or tape drives.

Remote Laptop Security (RLS) can be used to secure laptop data even when the laptop is not in the owner’s possession. Using RLS allows an owner the ability to deny access rights from any other computer with Internet access.

Protect data access with a strong password using a combination of letters, numbers, and symbols that would be difficult to guess.  Periodically change the password to make it more difficult for someone to figure the password out.

Risks of Wireless Connectivity

The two major threats to wireless users are unencrypted channels and fake access points, both of which could allow unauthorized access to data that you are sending or receiving. Many wireless hotspots use unencrypted channels, and someone with readily available tools and a bit of knowledge can easily get access to your laptop.

To protect yourself, only connect to a hotspot using one of two different encryption protocols: Wired Equivalent Privacy (WEP) or Wi-FI Protected Access (WPA). These tools secure the data between the laptop and the access point; typically, after that, other security features such as Virtual Private Networks (VPN) take over.

Because laptop wireless systems communicate so easily with access points, hackers use this vulnerability to set up their laptop near a hotspot to act as a wireless access point. If your laptop connects to theirs, they have your data. One way to protect against the dangers of a fake access point is to use secure proxy services which provide a secure and unbroken connection from beginning to end.

Additional protection means include:

• Use a personal hot spot with a required password versus public Wi-Fi
• Disable auto-connect
• Use a VPN connection
• Use multi-factor authentication (MFA)

Laptop Training for Users

A majority of laptop security is controlled by the users. They should be constantly reminded that the security of the laptop and the data contained within it is their responsibility.

• Communicate all laptop security policies and procedures in a clear and consistent manner
• Regularly update users with information on the latest threats and how they can protect themselves and their data
• Have procedures in place on what to do if a laptop is stolen
• Require employees to read, understand and sign an updated computer usage and security policy every year