Over the past couple of years, laptop computers have continued to lose ground to tablets and a broad range of other mobile devices; but they still play an important role in maximizing the productivity of many. While I rely heavily on my own mobile devices for certain activities, my laptop remains the centerpiece of my business. As a professional security consultant, it’s especially important to me that I protect the sensitive information entrusted to me by my clients. In fact, my clients often ask what types of steps I take to ensure that my laptop and data storage systems are ‘secure’.
This article is intended to outline a few options for locking down a laptop computer – primarily targeted at other solitary professionals who are responsible for protecting sensitive data. I say solitary, because if you are part of a larger organization, many of these issues may (or may not) be addressed for you already. These steps can also be taken by any security-conscious individual who just wants to keep from being a victim.
Let me first start by saying that a LOT of this is about personal preferences.
There are a TON of options for how you might go about setting up a laptop. Many security professionals I know prefer to run Linux or Unix based operating systems, while others tend to prefer a Windows-based platform. For the purpose of this article, I am going to begin from the perspective of a Windows machine; Windows 7 Professional still being my preferred OS for general productivity work.
If Windows is your starting point, then hopefully you’ll find some useful information here…
Let’s dive in:
Situational Awareness and Physical Security:
You can’t start any conversation abouut laptop security without pointing out the obvious. Laptops are small and easy to steal. They are also easy to unload – so they make sweet targets. Just be smart and you should avoid most physical security problems. If yo’re on the road, make sure that you use a computer bag with a shoulder strap – preferably one that would make it difficult for someone to remove your laptop from your person without you noticing. When it’s not being carried, use a lock (there are even ones with alarms built-in) or keep it in a safe (or some other secure location). Again, be smart and you’ll be fine in this area.
Physical Tracking and Shutdown Services:
If you do manage to find yourself in a situation where you have one less laptop than you should have, there are a few great tools on the market that will allow you to track or trace the computer, and/ or to prevent it from even being booted. LoJack for Laptops is one example, but I use PCTheftDefense myself (it came with my Sony Vaio). You just set up an account on-line, add a passcode, and off you go. If your laptop is lost or stolen, you can go to the site and shut down the device. If the laptop isn’t used for a few days (it misses its check-ins with the server for too long), you’ll have to enter your passcode to even boot the thing. While this may sound a little annoying, it’s actually a nice feature.
Locking Down the BIOS:
The BIOS is your friend when it comes to laptop security. There aren’t too many things that you can actually do with it, but the couple of options you have here can make it nearly impossible to use the device (well, unless the BIOS is physically reset that is). Anyway, there are two quick and easy things you’ll want to do. First, enable a strong password for gaining access to the BIOS. After that, make your hard drive is the only bootable device. This will make it difficult to start the laptop with a CD or USB drive if it ever falls into the wrong hands.