Laptop Security: Be Deliberate

Laptops are commonplace today and so is their theft. But losing the computer often doesn't matter as much as losing the data it contains.

Case in point: Qualcomm's chairman and CEO recently gave a speech to the Society of American Business Editors and Writers at the Hyatt Regency Hotel in Irvine, California. After his speech, numerous journalists gathered around to ask questions. During that brief time, he was never more than 30 feet from his laptop, yet someone managed to steal it. The laptop contained some of Qualcomm's most valuable trade secrets (reported to be worth millions), which are now in the thief's hands.

News reports indicate the laptop was running a Microsoft OS and required a password to access its files, but the OS had no file encryption in place. In one report, the executive openly commented that he hoped Microsoft's password protection would prevent access to the laptop's data. But certainly you realize someone can access the laptop's files without a password. For example, a person can use an NTFS book disk if the laptop uses that file system, or someone can simply install a new OS, boot it, log on, and access the data.

The need to protect portable computing platforms is obvious in this light. Not only must you guard the device at all times, you should also consider some form of disk encryption to protect against a worst-case theft scenario.

If you prefer the Windows platform, consider adopting Windows 2000 for systems that store sensitive information. The new OS contains an Encrypting File System (EFS) that uses public key technology to guard files. Without the private key, users can access the file system only through an account that has been authorized as a private key recovery agent. Learn about EFS and some best practices by clicking here. You can also find two articles on our Windows 2000 Magazine Network written by Mark Russinovich that explain EFS in detail. Search for "Encrypting File System" to locate the articles quickly.

Also, be aware of a nuance to the EFS utilities, which Windows 2000 Magazine contributing editor Kathy Ivens recently discovered: EFS documentation states that read-only files won't be encrypted. However, Kathy found that in one scenario, read-only files are encrypted. If you use the Properties dialog in Windows Explorer to mark a folder encrypted, a message asks whether you want to encrypt all subfolders and files. If you choose not to do so, all files in the selected directory, including any read-only files, will be encrypted. This does not occur with the command line EFS utility Cipher.exe. We alerted Microsoft about this matter, and the company intends to clarify the nuance in the documentation.

If you prefer not to rely on EFS to protect your data, consider the encryption solutions other security vendors offer. You can find several listed on our Windows 2000 Solutions Shopper site. Search for "encryption" to find related security products.

Also, consider using a laptop cable lock to secure the device when you can't guard it closely. In addition, you might want to install a utility such as Stealth Signal that can "phone home" when connected to the Internet to report a system's IP address, which you can use to help locate a stolen system. Until next time, have a great week.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.