CIO.com

Laptop security best practices

By Joel Dubin

More employees with more laptops can mean greater exposure of your network to roaming security threats. And, in a worst-case scenario, a stolen laptop with sensitive customer data or proprietary company information can also expose the company to liabilities, legal or otherwise. Lost customer data can lead to identity theft and open the company to lawsuits. Lost proprietary information can damage the company's competitive edge, if not its business altogether.

More on mobile technology
Laptop-tracking technology rarely used among SMBs

GPS technology keeps tabs on field service workers

Large organizations have sophisticated network defenses and firewalls to block malware from compromised laptops. For outbound threats, they may also employ complex content control systems to prevent the loss of customer data or company information. Not so for small and medium-sized businesses (SMBs), which may operate simple firewall networks on a shoestring and don't have the cash to spend on expensive content filtering systems and software.

But there are solutions for SMBs that won't break the budget and involve little or no overhead. Many of these solutions rely on simple procedures and best practices that don't require bulking up stretched-thin IT departments or hiring a dedicated information security team.

There are three parts to laptop security: physical security, administrative access and technical controls.

Encryption is vital for making sure data on the laptop doesn't fall into the wrong hands, in case the laptop is lost or stolen. Full disk encryption makes the laptop unusable to anyone who doesn't have the encryption key. Even if the disk is foisted out of the machine and installed on a test bed, the data is gibberish.

Products such as SafeBoot Device Encryption provide full disk encryption and are designed specifically for laptops. SafeBoot N.V.'s product requires the user to authenticate with a user ID and password before the operating system loads. Because it loads before the operating system, it can't be defeated by Linux boot disks, such as Knoppix, which bypass operating system logons to access machines.

SafeBoot works behind the scenes, continually encrypting the hard drive while the user is working. Similar products are offered by PGP Corp. and GuardianEdge Technologies Inc.

All laptops, like their stationary desktop counterparts, should be outfitted with personal firewalls and antiviral software. They should be up-to-date with the latest security patches. If you use Active Directory for authentication, laptops can be further locked down using Group Policy Objects, again like the desktops that are also connected to the network.

Consider a VPN for secure communication back to the office for those on the road. A Secure Sockets Layer VPN doesn't require any software installed on the laptop but could cost more than an IT professional at an SMB is willing to spend. Products include those from Aventail Corp. and Juniper Networks Inc., and the open source OpenVPN.

If the worst happens, and a laptop is lost or stolen, a theft should be reported to the police and to the incident response team, if you have one, in your IT department. Even without a dedicated information security team, an SMB's IT staff should be informed of what happened. Free tools, like LaptopLock, can be used to register your laptops and can then remotely delete files or encrypt and disable the machine.

With these options, laptop security can be part of an SMB's overall IT security program with existing staff at minimal cost.

Joel Dubin, CISSP, is an independent computer security consultant. He is a Microsoft MVP, specializing in Web and application security, and is the author of The Little Black Book of Computer Security, available from Amazon.com. He has a radio show on computer security on WIIT in Chicago and runs The IT Security Guy blog at http://www.theitsecurityguy.com.

11 Jun 2007

All Rights Reserved, Copyright 2007 - 2024, TechTarget | Read our Privacy Statement