QUESTION
Another of our laptops went missing this month. There have been so many scandals about lost laptops that we don't want to be the next high-profile casualty! We want to make it so that the laptops are useless to thieves, and more importantly so that nobody can access our spreadsheets and databases!
Asked by: Tom, company details withheld
Mike Smart, European Product Marketing Manager, Secure Computing
There are two simple ways to lock down portable devices:
1) Strong Authentication
2) Encryption
If your portable devices have these two features, you have done as much as you can. Relying on encryption with simple password authentication is the first step, but through social engineering techniques and spyware this could be compromised. Adding strong authentication (like PKI or token-based) adds a big increase in the level of security to this device.
Andy Kemshall, Chief Technical Officer, SecurEnvoy
Hi Tom,
The best way to keep laptop data safe is to encrypt it. There are two ways to achieve this. The first is to encrypt various folders such as 'my docs' that contain sensitive data with either Microsoft's EFS disc encryption or other third party products. The second is to encrypt the entire hard disc with products such as Pointsec (www.pointsec.com) or by upgrading to Windows Vista where this is now included.
The downside of encryption is it adds a performance overhead whilst decrypting data that is in use. You may have a more serious threat if your laptops have been set up to access your company networks remotely, as most remote access clients, including Microsoft's built-in system, allow the password to be remembered by the laptop.
Thieves may therefore have access to all of your company's internal data as well!
The industry standard way to prevent this is to introduce two-factor authentication which uses one-time passwords. Companies such as SecurEnvoy (www.securenvoy.com) send one-time passcodes to users' mobile phones that must be entered in conjunction with the Microsoft username and password before access is granted. This means that organisations can be absolutely sure that it is not a hacker or laptop thief trying to remotely connect to their network.
Nick Lowe, Regional Director, Check Point Software Technologies
With so much information now stored on laptops and USB sticks, it's essential for companies to have a sensible, workable mobile security policy in place which is part of the overall IT Acceptable Use Policy (AUP).
Here are a few helpful pointers to follow:
1. If you have sensitive information you do not want downloaded, then block end-points on computers with efficient and cost-effective software.
2. Use encryption software on all devices that contain any sensitive information and always ensure that it does not impair the use of the device or slow it down, otherwise it's human nature to try and circumvent the security system! Making it transparent to the user, quick and easy to use is definitely the way ahead.
3. Educate your staff so that they are aware of the security and legal implications of downloading sensitive or competitive information.
4. Specify that all staff members have to sign your security policy, to ensure that they will not download sensitive or competitive company information unless the device is encrypted.
5. Remember security is a two-way process - you need to have your staff on your side, so complement sensible, workable policies with centrally controlled security technology combined with trust, education and understanding.