Friday, January 15, 2010

Laptop Security Risks

Laptops, whether they are Notebook size, Ultralights or even Mini-notes can be a security risk for any business. This is especially so in the legal industry where laptop computers are often used in trial and extremely sensitive data is stored on the unit itself.

Of our nearly 300 law firm clients, there are only a handful that do not have laptops of one sort or another. More often than not, attorneys use laptops as their primary computer inside the office, as well as for mobility. This trend continues to accelerate as laptop prices fall and technology improves.

One of the major places laptops are lost is in the security area of airports. Believe it or not, most major airports have stacks of “abandoned” laptops and while most times the owners come back and retrieve them, this can be a major security problem. There are new laptop cases that flip open to reveal the laptop without actually removing it from the bag. This should be a consideration for the firm.

While we are on this subject, what says, “Laptop” more than an expensive laptop case? Often it is prudent to put the laptop in a simple backpack or something that is not so obvious. Simply making your laptop computer less conspicuous will reduce the chance that a thief will grab your machine in a public place. Another good air travel tip is to keep your laptop in the slot under your seat. It’s certainly less comfortable but much harder to pinch. Lastly, the very best thing you can do is do NOT let your laptop out of your sight.

If you have sensitive data on your laptop, you may want to encrypt it. This feature has been around since Windows XP and with Windows Vista it is vastly improved by the Bit Locker feature. This CAN cause other problems so you must be very careful what you encrypt. Generally, individual files such as a Word or WordPerfect document are simple to encrypt and to un-encrypt when needed but databases and other such files can present a challenge. Also keep in mind that if you lose your password you lose the file, it’s pretty much that simple.

Often you do not really need to carry sensitive data, but rather keep it at the home office, safe and secure until needed. With the advent and proliferation of high speed Air Card devices you can now have a broadband Internet connection just about anywhere and most courts offer Wi-Fi as well, so getting what you need can be fast and easy.

You can of course also carry the sensitive data on another device such as a portable hard drive – which are now quite small – or on a flash drive. Flash drives are inexpensive, can hold enormous amounts of data and generally can be encrypted. The downside of this approach is that it is perhaps easier to lose these small devices than it is the laptop itself so little is solved.

There are programs available such as www.ztrace.com or www.sentryinc.com or www.computrace.com that will report the location of a stolen laptop once the Internet is accessed. For a small investment, an oft traveled notebook would benefit from either of the above. In addition, they are easy to purchase and implement.

Setting up a system password is another must on a notebook computer. It will seem like a pain when you have to enter the password on every startup, but it is a very good safety mechanism and we suggest that any firm laptop have this feature enabled. Most name brand and even off brand notebooks offer this feature embedded in the firmware of the machine so it is very difficult to bypass without opening the unit completely to get at the inside.

While it is not a security issue, we strongly suggest you insure the laptop computers you buy. This of course does nothing for data loss, but it does cover you for physical damage and loss. When we sell a laptop we recommend the client purchase the extra manufacturer’s warranty that includes Accidental Damage Protection. This is essentially the same thing you buy from www.safeware.com for example, supported by the manufacturer but it IS highly recommended. In this case, you simply sweep the pieces into a box and get a replacement overnight. That peace of mind is well worth the extra cash you will shell out to get it.

Anti-malware is an often overlooked part of a laptop. Desktop computers and laptops that are used as desktop replacements are connected daily to the firm’s network. Thus the network (generally) would take care of the absolutely essential anti-malware updates and Microsoft Security Updates in most cases. (During our Network Health Assessments, we are often shocked at how many firms do not even have these minimum security features on their network!) Traveling or “check out” notebooks however rarely get updates if at all and are thus extremely vulnerable. Malware can not only infect a computer and cause annoying things like pop-ups, but can also harvest and export important data, such as contact lists and the like. So be sure that the traveling notebooks are first connected to the network and updated before they leave the office.

Perhaps the last consideration is the ports on your laptop. Like any computer, your laptop will have USB ports and those can be used in a variety of ways to extract data to external devices. A recently popular method of stealing data called Pod Slurping where someone uses an iPod as a disk drive to steal data from your PC. This can of course be done by flash drives as well as other methods, but the key here is the USB port. Some manufacturers, specifically HP, allow you to set your USB ports to only allow certain types of connections. Thus you could plug in a mouse or a keyboard, but not a flash drive. Part of having a secure laptop is protecting the ports so keep this in mind when considering which models to select.

It is imperative to be sure of your security, especially in today’s environment. If you take the steps above, along with some common sense, your laptop will be safe and perform its intended function beautifully.

No comments:

Post a Comment