- Store only essential data on laptops.
- When sitting with the laptop not in use, wrap the laptop case strap around one ankle.
- Use a brightly laptop case, briefcase or handbag to carry the laptop. This will make it more noticeable and more difficult to steal quietly.
- Never leave a laptop locked in a parked car. If for some reason it's absolutely necessary to do so, lock the laptop in the trunk.
- Look for and use devices such as laptop cases with built-in motion detectors that can be armed when the user puts the case down.
- In a hotel room, use a cable lock to tether the laptop to a strong immovable and unbreakable object. Most laptop manufacturers are including a universal security slot in their laptops to accommodate this. Another option is to leave the laptop in the hotel safe.
- Eject and lock up PCMCIA NIC cards.
- Store flash drives and backup media separate from the laptop.
- Assign a complex password to thwart anyone who finds or steals a laptop from accessing the data.
- Encrypt the data on your flash drive, removable media and external devices.
Use Due Diligence
By implementing physical and application security measures in all corporate laptops, your company can do its part to protect data even if theft does occur. We've compiled some options:
- Document, publish and implement comprehensive laptop security policies.
- Give access to data only to individuals who actually need access.
- Purchase and install biometric fingerprint readers for corporate laptops, or purchase laptops that come equipped with such readers as a standard feature.
- Alternatively, use a token that requires non-biometric two-factor authentication, such as RSA or Privaris.
- Use a hardware/software solution like the Caveo Anti-Theft Card from Caveo Technology. It consists of a hardware motion detector that fits either directly on the motherboard or in PMCIA slots. Once tripped, the motion detector sounds a loud alarm while the software section of the piece makes the hard drive inaccessible.
- Use a permanently affixed docking station, anchor pads or anchor plates in the office to anchor the laptop securely on a desk or table.
- Use the laptop manufacturers' BIOS protection schemes that involve setting a password to provide some protection of the data on the hard drive.
- Use separate software application packages that require additional passwords for application-level access.
- Enable data on the file system, the hard drive, and/or corporate servers.
- Utilize antitheft tracking software from companies like Absolute, SecureIt, Xtool and ZTrace. These products enable a laptop to regularly use a trace signal to check in with an agency tracking center.
- Disable the Guest Account.
- Rename the Administrator Account. Amateur thieves won't know what to do and professionals will at least be inconvenienced.
- Create a dummy Administrator Account with an extremely complex 10-character password.
- Disable the Infrared Port on the laptop.
- Configure laptops on the corporate network to back up onto a corporate or rented server.
Solutions for securing the laptop computer and data are plentiful. Success depends on security being taken seriously and flexibly integrated with existing hardware and software while allowing for future expansion. As the technology front changes, security policies and procedures need to be modified and workers educated about dealing with security threats and breaches. Currently, the difficulty of securing data in motion appears to be driving the industry in the development of new products for the business arena. Functional and successful security for the laptop is a combination of alertness, astuteness and awareness of the accessibility and applicability of applying new solutions aggressively to evolving security problems.
D.E.Levine, CISSP, CFE, FBCI, CPS, is a contributing editor to ST&D, co-author of several security books and can be reached by e-mail at firstname.lastname@example.org.