Having your laptop stolen can ruin your whole week. Hopefully, by now, you’re backing it up regularly and you know that there’s software available that can dramatically improve the odds of getting your computer back. But perhaps the creepiest aspect of having your laptop stolen is that someone might be going through the information you have on it: Email, contact lists, web browsing history, passwords, financial information, family photos and, if you use the computer for work, potentially sensitive business information.
Just imagine a drug addict (they steal computers and sell them to buy – you guessed it – more drugs), a competitor (they’d like to know what you’re up to) or a nosy, unethical employee where you work (70 per cent of thefts are committed by insiders) sitting there looking at everything on your notebook, including even some things that have been deleted.
And then there are overzealous governments, criminals, and other prying eyes who might enjoy rifling through your notebook hard drive or even copying every bit on the hard drive for a detailed forensic analysis when you’re not around.
If none of that would bother you, no need to read further. But, for the rest of you…
There are a lot of different encryption products available to protect data on your laptop. But, sadly, many of them dive quickly into technical details and scare most people off. So, while I’d be happy to answer your technical or security questions, I’m going to avoid all that and just tell you what you need: Full disk encryption software, or FDE for short.
Once installed, FDE software protects your entire hard drive and is very simple to use: You turn on your computer, type in your passphrase, and then the computer boots as usual. Some people confuse their computer’s BIOS password with FDE, but the two are quite different. A BIOS password can be easily bypassed. An FDE passphrase cannot, so if you forget it, the same mechanism that stops an intruder from getting your data will stop you too. If you’re using a corporate FDE solution, your company will almost always have a system that allows them to recover your passphrase or decrypt your hard drive. If you’re using a stand-alone solution, make sure you understand the recovery options available. For example, many products will allow you to create a recovery disk to keep somewhere safe in case you forget your passphrase.
There are several good products on the market, including SecureDoc from WinMagic, Check Point Full Disk Encryption (formerly Pointsec), McAfee Endpoint Encryption (formerly SafeBoot), DriveCrypt from SecurStar, and TrueCrypt.
The WinMagic, Check Point, and McAfee products cater primarily to corporate and government clients. These products emphasize enterprise management of encrypted drives and are generally too complex and expensive for individual users.
DriveCrypt is available as an online purchase from Germany, and TrueCrypt is a free, relatively easy-to-use open source product with a huge following. Both offer some interesting features, including the ability to hide one operating system inside another. While there are some catches, the feature is intended for situations where one may be (or feel) compelled to disclose their FDE passphrase. Without going into technical details, it basically gives the user two passphrases. One provides access to their “real” system, while the other provides access to a decoy.
While each of the products has its strong points, TrueCrypt is hard to beat for individual users. I’ve tested it on several laptops with great success. Corporations, of course, should compare the commercial products so that they can retain control of their encrypted information and assist users should they forget their passphrase. When purchasing a new notebook, both individuals and businesses should also consider a “self encrypting hard drive” if offered by the manufacturer. (More on hard drives with built-in cryptography in another article.)
No matter which product you choose, there are three very important things to remember:
- Pre-boot authentication is a MUST. In other words, if you can turn on your computer and it boots into Windows (or whatever operating system you are running), your data is not protected.
- You must choose a complex (i.e. difficult-to-guess) passphrase and it must not be written on your computer, in your laptop case, or anywhere else someone is likely to find it. The best passphrases are phrases that are easy for you to remember and difficult for others to guess. For example, “elephantseatbreakfastB4readingtheTLP” would be very difficult for someone to break. Chances are you’ll only be typing it once or twice a day, so make it long!
- Take the time to understand the recovery capability your product provides. If it offers to create a recovery disk, do so and store it safely. Never store it with your computer!
Protecting your data in the event that your laptop is stolen is easy and, in the case of TrueCrypt, it’s also free. Speaking of free, I also should mention that some of the easiest ways of preventing laptop theft are free: Don’t leave it unattended in hotels, airports or meeting rooms — even for a few minutes — and make sure it is not visible if you leave it in your car.