ISMAR
Your Source for Information Security Monitoring, Analysis & Reporting. Since 2016
How to protect the data on your laptop
Just like you, I simply love my laptop. It is amazing to be the owner and user of a device which has the power of a full-sized desktop PC, while having the dimensions of a standard notebook and only weighing 2 or 3 pounds. Actually, my favorite laptop weighs less than two pounds. Because portability matters a lot, right? In fact, this may be the main reason why many of us have dumped those heavy desktops for good.
Still, the fact that you are unable to carry a regular computer to the coffee shop has its advantages. No, I'm not talking about working with larger displays, because you can easily hook a monitor to your laptop as well. Instead, I am thinking at situations when disaster strikes: when you forget the laptop in a taxi, or when somebody steals it from you.
While today's laptops aren't as expensive as they used to be 5 or 10 years ago, I bet that most of you (myself included) value the data and the applications that are installed on them more than the actual hardware. Hopefully, you are backing all the data, and even creating full hard disk images regularly. Nevertheless, you wouldn't want the thief to get access to your private information. I am thinking at credit card data, user names and passwords, photos of you and your family, and so on.
So, how can you restrict access to your precious files even when your laptop falls into another person's hands?
Most people believe that Windows-based computers or Macs that utilize password-protected accounts will do the job, protecting their private data. Nothing could be further away from truth, though! To give you an example, most people will be able to view and edit your files by simply booting your laptop from a USB stick which contains another O.S. Then, all the hard drive letters will show up and can be accessed without any trouble.
If this doesn't work, the thief can simply move your hard drive to another system, mounting it as a second disk, and then having full access to its content. Or, he can install a password cracking application which is guaranteed to log him in as an administrator within a few hours or days of work, depending on the complexity of your password.
Yes, the problem is that serious. Fortunately, there is a simple solution to this problem: disk encryption. If you have a laptop that runs Windows, you can use the built-in BitLocker application to encrypt either full discs, or only the desired partitions.
Just go to Windows' "Control Panel" -> "System and Security" -> "BitLocker Drive Encryption". Set up a long, weird password; feel free to go wild with it, because its complexity will be the only gate that keeps thieves away from your precious data.
By default, the application will also give you an unlocking key, a small file that can be used to unlock the drive, in case that you forget the password. Write down the password in a notebook, and then try to memorize it; it may come in handy every now and then. Then, copy the unlocking key to a memory stick, and place it somewhere safe. Don't keep it in your laptop's bag, of course. You don't want to hand out the decryption key to the thief together with your laptop, right?
Mac users have access to FileVault, a similar disk encryption utility which can be found in the OS' "System Preferences" -> "Security and Privacy".
Once that you have stored your password and the unlocking key in a safe place, it's time to click the application's "Encrypt" button. The actual process can take from 1 to 20 hours, depending on the amount of data that is stored on your disk. Fortunately, at the end of the encryption process, your data will be stored using a strong, almost impenetrable algorithm.