Picture this: You or a colleague take a business trip abroad, maybe to Shanghai. The customs agent insists on inspecting your laptop. He takes it out of sight, just for 30 minutes, and then returns it to you. How would you know if your data was accessed? 30 minutes is plenty of time to copy your company’s most secret information if you haven’t protected it with adequate security and access controls.
Thanks to laptops, tablets and smart phones, employees can carry all the information they need between different offices, meetings, public transport and their own home. Anywhere with an Internet connection can now equally be an office. However, with this convenience comes problems. Sensitive data that was once kept under lock and key is now carried around. Laptop bags are a target for both opportunistic thieves and sophisticated criminals alike, and thefts are on the increase – late last year Intel reported that a laptop is stolen in the US every 53 seconds.
Even temporarily placing your laptop in the hands of someone else can be a security risk. And the perpetrators may not be your typical small-time criminals. Corporate espionage is on the increase, and the US has recently announced a clampdown on firms, particularly those in China, who are illegally gaining access to the States’ trade secrets.
So what can you do to make sure your data is secure? Well, the most important thing to remember is that leaving unencrypted data under the protection of a username and password is about as effective as leaving stacks of cash behind the protection of a screen door. Any hacker worth their salt will be able to break through this in hours, if not minutes.
Two-factor authentication should really be considered a must for anyone carrying sensitive information on a laptop or even a smart phone. Cards, USB tokens and one-time passwords are all examples of effective methods of two-factor authentication which could help to keep your data safe.
However, for the highest level of security, companies should consider pre-boot authentication, whole disk encryption and a biometric login. While standard passwords require your operating system to boot up, exposing it to hackers, pre-boot authentication adds a strong layer of security at the BIOS level, before your operating system is accessed at all. Biometrics could also be incorporated to create three-factor authentication— something you know (e.g. a password), something you have (e.g. a token) and something you are (e.g. a fingerprint).
Laptops are valuable – not only to your company, but also potentially to others. Corporate IT departments should ensure ample security controls are in place to avoid a potentially costly breach.