Laptop Security for the Business Professional
Information security can seem very complicated to anyone who works outside the information security business. New security technologies come out every year, and new hacks and exploits are found each year to match.
It seems complicated because it is. There are few certainties in the world of digital security, and when it comes to managing sensitive business information, certainty is highly desired.
Despite these uncertainties, business professionals can at the very least be well-prepared to prevent information security issues, especially when it comes to mobile computing. The following paragraphs contain some tips to consider when using a laptop for business. Some are common sense, others might be new information, and many can be applied to desktop computing as well.
Physical Location
Know where your laptop is, and more importantly, know where your laptop should not be. It is frustratingly common for people to leave their laptops unattended with the expectation that no one nearby will take advantage of the situation.
One common way this problem manifests is by people leaving their laptops in their cars and visible to those outside the vehicle. Cars are broken into all the time and having the mindset that ‘it won’t happen to me’ is not recommended.
One other popular place for people to lose their laptops is the airport. Many times it isn’t even out of malice; people simply forget they had it charging next to them or accidentally leave it in a bin after going through security.
If you’re worried you’ll forget your laptop, there are certain things you might buy to prevent this, such as a proximity alarm linked between yourself and your laptop. If you go out of range of your laptop (which I assume is preset by the user), the alarm makes a noise to alert you of your mistake. This is of course useless for going through security, but might otherwise come in handy. Although upon reflection, you actually probably could sneak it through TSA security given their performance lately…please don’t actually try though.
If this is not for you or happens to be out of your price range, simply staying aware of your laptop’s location when out and about is an obvious solution.
Losing a laptop can be devastating, and dropping one can also be problematic. Drops can result in ‘USB device not recognized’ or ‘device not detected’ errors.
Updates
Keep your software updated, especially your OS. Updates can certainly be annoying, but they often include important security fixes that resolve software vulnerabilities. Even if it seems like Windows is updating every day, it’s usually worth it.
If your antivirus needs updates, shuts off or expires, please, please, please figure out what the problem is and resolve it. Not having some sort of antivirus solution is inexcusable in this day and age, especially when there are free options.
Backup
Is your backup secure? The infamous 2014 celebrity iCloud leak has led many people to grow skeptical. At the very least, we know Gillware’s online backup is secure. In reality, and partially contrary to those who want to heap all the blame on Apple, many of the celebrity photos were accessed via phishing and brute force attacks to guess passwords. These vulnerabilities should not have been there in the first place and were exploited through third-party apps, so iCloud is likely fine to use. In any case, one of the most basic tenets of using the internet is not to follow potentially compromising hyperlinks, which can lead to phishing scams. You should also have a strong password so that in the event of a brute force attack (these shouldn’t usually be possible), you will still be secure.
Encryption
Encryption is extremely important to information security, and when you absolutely do not want unauthorized users accessing your digital information, encryption is the way to go. Generally speaking, there are two types of encryption (from a very, very basic standpoint): software-based and hardware-based.
In general, hardware-based encryption is more secure than software-based simply because the encryption comes from the controller within the drive itself. It is generally more difficult to bypass this encryption (there are exceptions to everything), and performance is not affected as much since the encryption is done within the drive rather than by some installed program. There are still certain vulnerabilities with hardware-based encryption, such as the fact that once you turn on and unlock the computer, the drive is unlocked and its data is accessible in decrypted form. If you do not completely shut it off, it is vulnerable the whole time it is on.
If you want to know more about encryption, we recommend checking out our article on encryption in addition to this article dedicated to self-encrypting drives (SEDs). As our article mentions, there are certain risks inherent to the use of encryption, the main one being that it is possible to lose access to your own data if something goes wrong (which Gillware might be able to help you get back).
If your data is truly valuable, this should be less of a concern than attempting to effectively protect it. Likewise, understanding how and when to use encryption will greatly reduce the possibility of an encryption-based data loss situation occurring.
Among the very few certainties in IT security is the insane difficulty of cracking encryption. Of course some types are better than others, but in general, it is very hard to get through encryption without the necessary key.
Overall, we recommend some form of encryption to protect your data. Whether that be through software such as Microsoft’s BitLocker or VeraCrypt, the free spiritual successor to TrueCrypt, or through the purchase of a self-encrypting drive, encryption is one of the best ways to ensure your sensitive business data is secure.
Offline Versions of Files
Have you downloaded sensitive information onto your computer from the company network? Do you have important files permanently on your computer that perhaps should not be there? Are they adequately protected and secure on your computer? These are all questions to ask yourself when it comes to maintaining offline versions of important files.
It is convenient to be able to work on something offline, but if it means potentially compromising company information security, the costs far outweigh the benefits. This is particularly salient with a laptop, as the information becomes mobile. If there absolutely has to be an offline version of some important file, ensure it is secure on your computer and closed/protected when you are finished working on it. Encrypting the files is generally a good solution.
Continued Reminders of Protocol
If your organization has security protocols in place to prevent data breaches, or you would like to create a protocol for yourself, it is extremely important to post periodic reminders of the protocol. For an organization, send out an email every month or two to remind people of the protocol and why it’s important. If you don’t, people will quickly either slack off or forget, and company information will be vulnerable. If you want to remind yourself, simply scheduling reminders once a month on your computer’s calendar is a good way to ensure you don’t forget. Once again, these reminders are very important and are the only thing that will promote continued adherence to information security rules.
Further Reading
To highlight the importance of information security, here are a couple of articles on the subject. The first is a downloadable study hosted by IBM and conducted by the Ponemon Institute. It covers the annual cost of a data breach (globally or country specific) as well as the many effects it can have.
The second article is a short story about a hack that occurred in 2003, when one of PC gaming’s most historically beloved games was leaked a year ahead of schedule. This data breach cost Valve plenty of money in addition to setting them back a year on release. It’s not only interesting because of the effects of the hack, but also because it appears the hacker was actually a huge fan of the franchise and wasn’t acting purely out of malice. This is clear evidence that if your data is not entirely secure, there is no way of knowing who might try to access it. The best course of action is to be prepared and prevent the opportunity.