Tuesday, September 04, 2007

Laptop security

There was a 1/8th page advert in Friday's Daily Telegraph (that's the Sydney tabloid paper) that caught my eye. A $20,000 reward for the return of a lost laptop containing "family photos and videos". There's a report here.

To me, that is a lot of money. The machine (an Acer TravelMate) is probably worth 5% of that. I accept that there are circumstances which could mean some photos could be irreplaceable (though generally I'd expect such photos to have at least been emailed to friends or family, or videos put onto a DVD to watch). I can even accept that there are people who can put their hands on $20,000. The laptop was stolen from Wahroonga, which is quite a well-off suburb.

Now personally, I've got a couple of external USB drives and photos don't get erased from the camera until they are on both the PC and a backup drive. Our video camera is old enough to have tapes, which get kept rather than overwritten. And the only time I see $20,000 is in my dreams. So no-one would get that sort of money for my laptop. I'd guess for most individuals, backing up their data would remove any premium value for their laptop. In this case, the backups appear to have been stored with the laptop.

But to a business, the value of their data on a laptop (even if it is backed up elsewhere) could be massively more than the cost of the machine. There's a whole mess of legal and compensation issues if the information is required to be kept confidential.

In my latest role, I've been supplied with a work laptop. I've taken precautions. Firstly, I added ClamWin, an open source virus scanner, and did a scan. It may not be as pretty as some scanners, but I don't have to pay for it so I'm content. Then I added TrueCrypt (again, no dollars required) and created a couple of encrypted volumes. Any work data and documents can get recorded in those. Next of the freebies was Eraser and a single-pass overwrite of unused disk space. I set the PC to "Clear Virtual Memory Pagefile" on shutdown, and disabled hibernate too.

I won't fool myself that this is bullet-proof. I read the Security Monkey blog (and recommend it heartily), and should be looking at whole-disk encryption for a better level of lockdown.
However, these precautions are sufficient for me to be able to sleep at night knowing that someone casually browsing the disks won't pick up anything.
