10 steps you can take to secure a laptop
2nd May 2013 | 07:00
An essential element of information security
Travelling with a laptop can represent a significant security risk to your business. This is because the data it contains is far more vulnerable when you are on the move than when you use a laptop in the relative safety of your office or home environment.
It doesn't have to be stolen; because it takes just seconds for a hacker to slip a USB stick into a laptop when it is unattended to install malicious software or steal data. Even relatively unsophisticated hackers can run programs like Mailpassview from a USB stick to steal your email account details and email password.
There are steps you can take to reduce the risk. Here are 10 simple things you can do to help keep your laptop secure when you are on the go.
1.Use a password
Ensure that your Windows account is protected with a password. The laptop should be configured so that the password has to be entered every time you turn the machine on or when it comes out of hibernation, sleep or screensaver mode.
An account password is an effective first line of defence, but only if you avoid choosing a commonly used - and therefore easily guessed - password. An analysis of passwords stolen from websites during recent security incidents reveals that the most common include "password", "123456", "abc123", "qwerty" and, bizarrely, "monkey".
2.Disable booting from CD or USB
But running these involves booting the computer from a CD or USB stick, so you can increase security by disabling the ability to boot from one of these devices. This can be done by altering the settings in your laptop's basic input/output system (BIOS) – the built-in software with generic code to control the machine – which can usually be accessed by pressing F1, F4, F10 or Del just after you switch it on.
To ensure that no-one can override these settings, password-protect the BIOS so that no more changes can be made to it without entering the password. This can also be configured in the BIOS settings.
3.Encrypt your hard drive
If your laptop is stolen from your car or hotel room there is usually nothing to stop the thief from removing your hard drive and attaching it to another computer. Doing this bypasses any account password protection and allows them to access your data easily.
The best way to prevent this is to encrypt your laptop's hard drives. Encrypted drives can only be accessed after the encryption key is supplied - usually in the form of a PIN, a password or by inserting a USB stick containing the key.
You can encrypt an entire drive using BitLocker, an encryption utility included with some versions of Windows Vista, Windows 7 and Windows 8. A free, open source alternative is TrueCrypt, which also works with Windows XP, Linux and OS X.
4.Use a virtual private network (VPN)
Publicly accessible networks, such as those offered in airports, conference centres and hotel rooms, present a particular security risk to laptop users. This is because hackers armed with free programs such as Cain and Abel, Wireshark or Ettercap can connect to the same networks and eavesdrop on emails or copy passwords as they pass over the network.
The best way to protect your data from interception by other network users is to encrypt it while it is in transit between your computer and your office network, using a company VPN.
If you don't have access to a company VPN, you can use one from service provider such as StreamVia or StrongVPN. This ensures your data is encrypted and protected from other users of the public local network.
5.Use secure email
Sometimes it can prove difficult to get a VPN connection working, so it's prudent to ensure that any email program, webmail system or cloud based email service that you use is configured to use a secure sockets layer (SSL) or transport layer security (TLS). This ensures that both your username and password, and the contents of your emails, are encrypted as they travel across the internet.
Webmail services like Gmail and cloud based services like Microsoft's Office 365 are configured in this way by default, but email offered by many internet service providers is not.
6.Protect yourself from other users
For additional protection against malicious users connected to the same business centre or hotel network, connect your laptop though a travel router that plugs in to an Ethernet jack
A travel router such as the TP-Link TL-WR702N acts as a highly effective hardware firewall which helps keep your computer isolated from other users on the network. (Most computers have a software firewall installed, but these can be disabled by viruses and other malicious software.)
7.Check for known vulnerabilities
When you connect your laptop to the internet when travelling, you may not be protected by any security systems your company uses to filter out malicious emails or to keep you from malicious websites. That can result in hackers exploiting vulnerabilities in the software on your computer to infect it with malware.
To reduce the chances of this it is important to check that your computer's operating system and other software has been updated with the latest security patches.
Security company Qualys offers a free service called BrowserCheck that scans your computer and provides links to updates for any software it finds with known security vulnerabilities.
8.Don't lose it in the airport rush
Tens of thousands of laptops are lost in airports every week, and only about one third are ever returned to their owners, according to research carried out by the Ponemon Institute.
One way to avoid leaving your laptop behind when you go through security or get called for your flight is to attach a proximity alarm such as a Kensington Proximo, a Proximity Tag or a Hippih hipKey to your laptop bag.
These inexpensive devices send an alert to your smartphone if they detect that they have moved more than a few metres away from you.
9.Keep your USB sticks secure
If you carry a USB memory stick to make backups of your work or store other data, it's important to make sure that it is as secure as the data on your laptop.
You can do this the same way that you can encrypt a computer hard drive - using TrueCrypt or a version of Microsoft's BitLocker called BitLocker To Go (which is included in some versions of Windows 7 and Windows 8.) Once encrypted the memory stick can only be accessed after supplying a password.
An alternative is to use a USB drive with encryption hardware and other security features built in, available from companies like IronKey. Its secure USB drives self-destruct if the wrong password is supplied 10 times in a row, making it all but impossible for a thief to access the data it holds by repeatedly guessing the password.
10. Lock it up
Perhaps the most obvious piece of advice, but one which is frequently ignored, is to make it hard for an opportunistic thief to walk off with your laptop.
One way to do this is by using a Kensington lock - a metal cable which you can loop around a suitable fixed object and which attaches to any laptop equipped with a Kensington slot.
Kensington locks certainly don't provide total security, as the cables can be cut or they can be ripped out of the laptop, but it is enough to make many thieves move on to easier pickings.