Laptop Encryption and Data Security

The loss or theft of a laptop could be critical to your business, yet many businesses do not adequately assess this risk and take appropriate action. “What does the loss or theft of a laptop cost a business?” is a question with an infinite range of answers. Victims can not only lose hardware, but software, and essential data that has not been backed up.

Apart from the actual cost of replacement, re-sourcing software, re-building the laptop and then restoring the original data – all add to the cost (time and money) – plus – until the laptop has been replaced, rebuilt and tested, there will be an impact on the business and the employee’s effectiveness within the business

What was on the laptop …?

If the laptop was used to log in to the main office systems, there may also be an immediate impact on business IT security – some remote systems authorize external user access (from the laptop) based on credentials stored on the laptop including web cookies, passwords, MAC Addresses, and possibly cryptographic keys. If any of these were stored locally on the “lost” device, there is an immediate compromise to the business’s security which would need to be addressed as a matter of urgency.

Some data may have been lost forever – if it was never backed up routinely or it was so new that it had never been saved on a backup.

What’s your data worth to you?

When did you last back-up the laptop data?

The loss of sensitive data, personal and company information is of significant risk to all employees and businesses and appropriate measures should be taken to protect the data adequately.

Use “CESG accredited encryption” such as BeCrypt

Use two factor authentication to log in to the laptops

Ensure the laptop has a working and up-to-date Internet Security suite of programs running

Ensure that the laptop is backed up to an external device daily

To protect your laptop and its data, make it harder for thieves to get hold of it through the simple security steps outlined above.  By encrypting data and good use of passwords, you can also ensure that the only value to the thief is from the sale of the laptop and not your data – the costs are minimal against the benefits realised.

Whichever solutions you implement, make sure they are seamless and quick, managed centrally, for additional security and auditability, and fully supported by the business.

Ensure that there is a business wide set of security policies which are fully endorsed by the business.

Ensure that all employees and users are fully trained and aware of the security issues.

Ensure all cryptographic keys & passwords should be centrally held by the security custodian (fire safe, preferably off site along with the daily backup media)