Experienced thieves easily bypass basic levels of password protection on laptops, and this is causing considerable concern within the industry.
There are two things you must do:
- Physical security: Keep an eye on your laptop. Never leave it unattended in a public place. Never leave it in the trunk of your car overnight in hotels. Always use a steel cable to secure it to a firm structure when using it outside its normal environment.
- Electronic security: First of all, don’t keep sensitive data on a hard drive. Use a complex password and, if possible, second level authentication, such as a token or other device. When the notebook is turned on but not in use, use the electronic lock function to activate the password input function. Use a password on any screen saver.
That takes into account the security of the laptop, but with connected devices, such as SD cards and USB sticks, the situation is different:
Anyone who steals the SD card or Pen-drive can read the data on any computer loaded with similar software. This is clearly a point of vulnerability; the best method to protect this type of device is to encrypt it so that it is useless without the decryption key.
This protection isn’t the expensive option it used to be, with open source software freely available. The best of these encrypt and decrypt on the fly and are transparent to the authorized party, but render the device useless to the thief and, in many cases, appear to be a blank device.
ISO27001 and laptop security