- How to use electrical outlets and cheap lasers to steal data
- The botnet world is booming
- NTIA seeks volunteers to review broadband applications
- The 10 dumbest mistakes network managers make
- What's driving this university to IPv6? Going green
With reading the news reports of stolen laptops from the Veterans Administration and the Red Cross, to mention just two, I
am getting more concerned about the users my company has traveling that have laptops with sensitive company information on
them. I don't think that I can get support to not have company data on the laptops, so what are my options to protect the
information?
-- Via the Internet.
There are several methods that you can use. The first is some type of encryption on the laptop in the area where the sensitive information resides. You can use Microsoft's Encrypting File System (EFS) to designate a area of the hard drive where all files that are stored there are encrypted. Depending on the level you want to take it, you can consider encrypting individual files.
Another tool to consider is an open-source tool called truecrypt. This tool is available for Windows and Linux platforms. One thing I like about this tool is that you can choose from multiple level of encryption and require a keyfile in addition to a password in order to access a file. It can even be installed on a USB Flash drive so the data is stored independently of a laptop computer.
You can also consider requiring some type of physical-access requirement to the laptop computers so that just a username and password isnt sufficient to gain entry. More and more laptops are coming with some type of biometric sensor so that you can also use a fingerprint swipe to gain access to the computer. One company by the name of Access Smart has a smart card that can either be used in a PC-Card or USB style reader.
Keeping the smart card in a separate place from the laptop and using that as a part of the login process adds one more step in the process to delay if not prevent the ability of an unauthorized party of getting access to your data.
Since getting access to the data may just be a matter of time, you may also want to consider adding an additional piece of software that essentially amounts to LoJack for laptops. Basically the software has your PC "call home" and report what IP address (among other things potentially depending on the software) it currently has which can be used to trace back where it is being used. This information is then reported to the nearest local police agency who should be able to help recover the laptop and with luck, your data still protected by the other mechanisms you may have put in place.
Comment