More than likely, your organization's laptops contain sensitive information that you can't afford to lose. But all too often, IT pros don't close the barn door until after the horse has escaped. You need to take steps to safeguard laptops and the information on them before you lose them. Here are the 10 most important steps you can take to secure laptops.
10. Never leave your laptop unattended—As in the data center, physical security is your first and best friend. If you leave your laptop unattended, even for just a few seconds, you're asking for trouble. Likewise, zip up your travel bag when your laptop is in it. In addition to preventing your laptop from accidentally falling out, zipping the case makes it much more difficult for someone to lift out that new ultraportable when your back is turned.
9. Attach identification—Affix one of the several available commercial asset tags to your laptop, or at the very least tape your business card to the computer. Although it will usually be the first thing to go if someone actually steals your laptop, a tag can help prevent other business travelers from accidentally picking up the wrong laptop at the airport and can help you identify your computer if someone tries to walk away with it.
8. Invest in a cable lock—Almost all modern laptops are equipped with a security slot that lets you attach a cable lock. Cable locks are inexpensive and easily portable. You can use them to secure your laptop to a large object, such as the desk in your hotel room or even your desk at work. (Forty percent of all laptop theft happens at the office.)
7. Limit the sensitive information on your laptop—When you travel, you put your information at risk no matter how careful you are. If you must store sensitive files, don't give them names that immediately reveal their contents (e.g., MyPasswords.txt).
6. Password-protect the BIOS—All modern BIOS configurations support password protection. Although this protection can be circumvented, password-protecting the BIOS can prevent someone from changing the BIOS and from booting the system without using the password. Also, configure the BIOS to boot first from the hard drive.
5. Use a Windows OS password—Many laptop manufacturers ship systems with the standard Windows Welcome screen and no password, leaving it up to you to protect your system. Your first step upon getting a new system should be to open Control Panel and click User Accounts. Select your user account and click Create a Password to password-protect the system. While you're in the User Accounts window, it's also a good idea to disable the Guest account.
4. Don't automate VPN connection scripts—Most companies have set up VPNs so that traveling employees can access corporate resources. That's good, but it's also a good idea to require a manual logon for all VPN connections. Automated logons make it too easy for laptop thieves to gain access to corporate data.
3. Consider tracking software—Some fairly new security applications enable your laptop to "phone home" if it's stolen. Some programs can report a laptop's physical location when it connects to the Internet; others can automatically delete sensitive data. Available products include AbsoluteSoftware's ComputracePlus (http://www.computrace.com), CyberAngel Security Solutions' CyberAngel Tracking Software (http://www.sentryinc.com), and zTrace Technologies' ZTRACE GOLD (http://www.ztrace.com).
2. Use EFS—Encrypting File System (EFS) can ensure that the sensitive information on your laptop stays private even if the device is lost. Windows XP's EFS lets you encrypt the sensitive data on your system, thus keeping data safe even if a thief installs a new OS to gain access to the computer.
1. Use a personal firewall—Losing your laptop isn't the only way to lose the information on it. If you're connected to a public network—or even an unfamiliar private network—your laptop and the data on it are potentially open to viruses as well as unauthorized access. Using Windows Firewall or another personal firewall, such as Zone Labs' ZoneAlarm, is the first line of security for protecting the data on your laptop from unauthorized network access.
