A road warrior's guide to locking down your laptop
- — 22 January, 2013 14:32
Mobile computing may be convenient, but it's also inherently risky. When you drag your laptop to the coffee shop or bring it along on your travels, you're making all your private data and one of your most expensive possessions a big, fat target for sticky-fingered thieves. And unlike traditional theft targets like jewelry or wallets, a laptop is an easy steal--the baddies just need to wait for you to turn your back, then grab the computer and run. In some cases, a criminal doesn't even need to steal your notebook. He can simply pull your sensitive data out of thin air.
Fortunately, you can do a lot to minimize the perils possibly encountered on the road. By taking a few simple precautions and following some common-sense practices while you're out and about, you can drastically reduce the chance that your laptop will be stolen and keep your data locked up tight. With great portability brings great responsibility!
Lock the front door
When you go on a vacation, you wouldn't leave your front door unlocked, would you? Of course not. You shouldn't leave your laptop completely defenseless, either. Lock your laptop's proverbial front door by making sure that your Windows user account is set up to require a password on log-in. A log-in password won't protect against an even semi-competent hacker, but it could easily be enough to dissuade unsophisticated criminals from snooping through your files after stealing your laptop.
Windows makes it very easy to change your password or to set one if you don't already have one. In Windows 7, just hit ctrl-alt-del and select Change Password, the fourth option down. After that's set, head to the Power Options in the Control Panel, click Require a password on wakeup in the left-hand pane, and click the radio button next to Require a password.
In Windows 8, just search for "Users" to open up the Users menu in your PC Settings. Here you'll find options to both change your password and require users to log in when they wake the PC .
Encrypt your data
As mentioned above, a user account password won't protect your data from a determined snoop--they're easily cracked, or the thief can simply plug your hard drive into a different computer in order to access your files directly. If you travel and have any files on your computer that you simply don't want anyone else to see, you should use full disk encryption to keep them safe.
Full disk encryption keeps all the data on your hard drive secure from anyone who doesn't know your password. If you have Windows Vista, Windows 7 Ultimate or Enterprise, or Windows 8 Pro or Enterprise, you already have full disk encryption in the form of Microsoft's BitLocker software. It's easy to enable BitLocker, and when you do your drive will be automatically encrypted, using your Windows user account password.
If you don't have a professional version of Windows, or your computer doesn't have a TPM chip, you can still use full-disk encryption, with TrueCrypt. TrueCrypt is free and open source, and as with BitLocker, we've covered its basics before.
Because the strength of encryption is pretty much entirely dependent on the strength of your password, now would be a good time to talk about good password practices. You've probably heard it before, but a password can be easily cracked if it's too short or simple, or if you use the same one across multiple services. For the rest of your security measures to be effective, make sure you're following these three simple rules:
A free password manager like KeePass can make it a lot easier to follow the above rules. Again, make sure you choose a strong master password.
Use a VPN on unsecured Wi-Fi networks
Unsecured Wi-Fi networkspresent a major threat to your system's security on the road. You don't know who else is sharing the network, potentially intercepting and recording packets wirelessly sent by your computer. Basic HTTPS web security does a good job of protecting data sent across the internet, but you are essentially at the mercy of the receiving site's security protocols. If you're transferring sensitive data, the sensible solution is to always use a virtual private network.
With a VPN, traffic originating from your laptop is encrypted, then sent to a third party server, where it can safely be forwarded on to the world wide web at large, safe from prying eyes. There are lots of options for connecting to a VPN--your company may provide one for you to use, or you can set up your own VPN server at home. For most people, the easiest option will be to use a web-based VPN, many of which offer a limited free service, and low-price monthly rates for heavier users. PCWorld's guide to VPNs can help n00bs and veteran traffic-tunnelers alike.
So far we've talked about how to keep your data safe if your laptop is stolen, but data's not the only thing at stake--laptops themselves are expensive! That's why you should have a plan for retrieving your laptop in the event that it's lost or stolen. We recommend Prey .
Prey is a (mostly) open source application that helps you locate your laptop. When everything's normal, it runs silently in the background and barely consumes any system resources. If your laptop gets lost or stolen, you can remotely activate the Prey software, and it will begin sending status updates about your laptop to the Prey website. It tracks the laptop's location based on nearby wireless networks, and captures screenshots of what the thief is using it for. The software can even use the computer's webcam to send you photos of whoever's using your lost laptop, or remotely lock down the laptop to prevent the thief from using it.
The free version includes all that functionality, and allows you to save up to 10 reports at a time for 3 devices. A $5 per month subscription lets you keep more reports and increase the report frequency. LoJack for Laptops is a highly regarded premium Prey alternative, with one-year subscriptions starting at $39.99.
Consider a remote data deletion service
Now, we don't necessarily recommend this step to all users. The full-drive encryption described earlier is pretty much fool-proof as long as your password is strong--unless your laptop was stolen by the NSA, you can consider your data safe. Still, if you're carrying really important company data and want true peace of mind, ask your IT department about setting you up with a remote deletion service, which can allow you to delete specific files or whole drives over the Internet.
For more details, talk to your IT department. Again, for personal use, we recommend full disk encryption, which is very reliable and doesn't involve a monthly fee. If you want the option available, however, LoJack for Laptops includes a remote data deletion option that overwrites data sectors seven times to ensure the information is really, truly gone.
Follow good physical security practices
The best way to protect your data, of course, is to not let your laptop get stolen in the first place. Here are a few simple ways to keep your laptop safe: