A road warrior's guide to locking down your laptop

Here's how to protect your valuable notebook against prying eyes, snatching hands, and malicious Wi-Fi connections.

Mobile computing may be convenient, but it's also inherently risky. When you drag your laptop to the coffee shop or bring it along on your travels, you're making all your private data and one of your most expensive possessions a big, fat target for sticky-fingered thieves. And unlike traditional theft targets like jewelry or wallets, a laptop is an easy steal--the baddies just need to wait for you to turn your back, then grab the computer and run. In some cases, a criminal doesn't even need to steal your notebook. He can simply pull your sensitive data out of thin air.

Fortunately, you can do a lot to minimize the perils you may encounter on the road. By taking a few simple precautions and following some common-sense practices while you're out and about, you can drastically reduce the chance that your laptop will be stolen and keep your data locked up tight. With great portability comes great responsibility!

Lock the front door

When you go on a vacation, you wouldn't leave your front door unlocked, would you? Of course not. You shouldn't leave your laptop completely defenseless, either. Lock your laptop's proverbial front door by making sure that your Windows user account is set up to require a password on log-in. A log-in password won't protect against an even semi-competent hacker, but it could easily be enough to dissuade unsophisticated criminals from snooping through your files after stealing your laptop.

Windows makes it very easy to change your password or to set one if you don't already have one. In Windows 7, just hit Ctrl-Alt-Del and select Change Password, the fourth option down. After that's set, head to the Power Options in the Control Panel, click Require a password on wakeup in the left-hand pane, and click the radio button next to Require a password.

In Windows 8, just search for "Users" to open up the Users menu in your PC Settings. Here you'll find options to both change your password and require users to log in when they wake the PC.

Encrypt your data

As mentioned above, a user account password won't protect your data from a determined snoop--they're easily cracked, or the thief can simply plug your hard drive into a different computer in order to access your files directly. If you travel and have any files on your computer that you simply don't want anyone else to see, you should use full disk encryption to keep them safe.

Full disk encryption keeps all the data on your hard drive secure from anyone who doesn't know your password. If you have Windows Vista, Windows 7 Ultimate or Enterprise, or Windows 8 Pro or Enterprise, you already have full disk encryption in the form of Microsoft's BitLocker software. It's easy to enable BitLocker, and when you do your drive will be automatically encrypted, using your Windows user account password.
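A quick way to confirm that BitLocker is actually protecting the drive after you enable it, as an added example that is not from the original article. It assumes the BitLocker PowerShell module (Windows 8 Pro or Enterprise and later) and an elevated prompt; `Test-VolumeEncryption` is a hypothetical helper name.

```powershell
# Added example: audit the BitLocker state of every volume Get-BitLockerVolume reports.
# Run from an elevated PowerShell prompt.

function Test-VolumeEncryption {
    param([Parameter(Mandatory, ValueFromPipeline)] $Volume)
    process {
        $issues = @()

        # Anything short of FullyEncrypted leaves plaintext sectors on the disk.
        if ($Volume.VolumeStatus -ne 'FullyEncrypted') {
            $issues += "volume status is $($Volume.VolumeStatus) ($($Volume.EncryptionPercentage)% encrypted)"
        }

        # Protection 'Off' on an encrypted volume means BitLocker is suspended:
        # the volume key sits on disk unprotected until protection is resumed.
        if ($Volume.ProtectionStatus -ne 'On') {
            $issues += "protection status is $($Volume.ProtectionStatus)"
        }

        # Collect protector types (Tpm, Password, RecoveryPassword, ...).
        $types = @($Volume.KeyProtector |
            Where-Object { $_ } |
            ForEach-Object { "$($_.KeyProtectorType)" })

        # Without a recovery password, a forgotten password or TPM fault locks you out.
        if ($types -notcontains 'RecoveryPassword') {
            $issues += 'no recovery password protector'
        }

        [pscustomobject]@{
            MountPoint = $Volume.MountPoint
            Protectors = $types -join ', '
            Compliant  = ($issues.Count -eq 0)
            Issues     = $issues -join '; '
        }
    }
}

Get-BitLockerVolume | Test-VolumeEncryption | Format-Table -AutoSize -Wrap
```

A volume that shows as fully encrypted but not compliant is usually one where protection was suspended for an update and never resumed.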

If you don't have a professional version of Windows, or your computer doesn't have a TPM chip, you can still use full-disk encryption, with TrueCrypt. TrueCrypt is free and open source, and as with BitLocker, we've covered its basics before.

Because the strength of encryption is pretty much entirely dependent on the strength of your password, now would be a good time to talk about good password practices. You've probably heard it before, but a password can be easily cracked if it's too short or simple, or if you use the same one across multiple services. For the rest of your security measures to be effective, make sure you're following these three simple rules:

A free password manager like KeePass can make it a lot easier to follow the above rules. Again, make sure you choose a strong master password.

Use a VPN on unsecured Wi-Fi networks

Unsecured Wi-Fi networks present a major threat to your system's security on the road. You don't know who else is sharing the network, potentially intercepting and recording packets wirelessly sent by your computer. Basic HTTPS web security does a good job of protecting data sent across the internet, but you are essentially at the mercy of the receiving site's security protocols. If you're transferring sensitive data, the sensible solution is to always use a virtual private network.

With a VPN, traffic originating from your laptop is encrypted, then sent to a third party server, where it can safely be forwarded on to the world wide web at large, safe from prying eyes. There are lots of options for connecting to a VPN--your company may provide one for you to use, or you can set up your own VPN server at home. For most people, the easiest option will be to use a web-based VPN, many of which offer a limited free service, and low-price monthly rates for heavier users. PCWorld's guide to VPNs can help n00bs and veteran traffic-tunnelers alike.

Install Prey

So far we've talked about how to keep your data safe if your laptop is stolen, but data's not the only thing at stake--laptops themselves are expensive! That's why you should have a plan for retrieving your laptop in the event that it's lost or stolen. We recommend Prey.

Prey is a (mostly) open source application that helps you locate your laptop. When everything's normal, it runs silently in the background and barely consumes any system resources. If your laptop gets lost or stolen, you can remotely activate the Prey software, and it will begin sending status updates about your laptop to the Prey website. It tracks the laptop's location based on nearby wireless networks, and captures screenshots of what the thief is using it for. The software can even use the computer's webcam to send you photos of whoever's using your lost laptop, or remotely lock down the laptop to prevent the thief from using it.

The free version includes all that functionality, and allows you to save up to 10 reports at a time for 3 devices. A $5 per month subscription lets you keep more reports and increase the report frequency. LoJack for Laptops is a highly regarded premium Prey alternative, with one-year subscriptions starting at $39.99.

Consider a remote data deletion service

Now, we don't necessarily recommend this step to all users. The full-drive encryption described earlier is pretty much fool-proof as long as your password is strong--unless your laptop was stolen by the NSA, you can consider your data safe. Still, if you're carrying really important company data and want true peace of mind, ask your IT department about setting you up with a remote deletion service, which can allow you to delete specific files or whole drives over the Internet.

For more details, talk to your IT department. Again, for personal use, we recommend full disk encryption, which is very reliable and doesn't involve a monthly fee. If you want the option available, however, LoJack for Laptops includes a remote data deletion option that overwrites data sectors seven times to ensure the information is really, truly gone.

Follow good physical security practices

The best way to protect your data, of course, is to not let your laptop get stolen in the first place. Here are a few simple ways to keep your laptop safe:


Stories by Alex Castle
