MI-80

Laptops are everywhere, and if anything, are only becoming more prevalent. 2008 was the first year in which laptop sales outpaced desktops. Variations like netbooks have also taken off as no one could have expected. At the same time, the FBI’s National Crime Information Center reports a 48% increase in laptop theft over the past two years and legislation is slowly leaning towards serious punishment for organizations who leak information (the Department of Veterans Affairs is out $20 million due to its data breach in early 2006). So, with laptop use going up and their risks keeping pace, what can you do, especially in the middle of a recession? Know Your Legislation There are a number of federal and state laws regarding data breaches, especially their public disclosure and liability. It is important to know the regulations for where your organization operates. One of the more talked about laws over the past year deals with the disclosure of data breaches, mainly that you do not have to disclose a breach if the data is fully encrypted. This can avoid the financial and public relations costs and the associated harm for consumers. So know your laws, and more importantly follow their guidance! Implementing security will always cost money, but the public at large is growing tired of constantly having their data mistreated, so the legal penalties are only going to become stiffer for companies who fail to protect their customers. Know Your Software Options Encryption, especially full-disk encryption (which protects all your data instead of just selected files), has become increasingly common in the past two years. Additionally, their management has become easier and cheaper to implement and maintain. Windows Vista includes BitLocker, but only in its Enterprise (which requires a Software Assurance License and is only available in purchases of 25+ nodes) and Ultimate (the most expensive) editions. BitLocker was enhanced in Vista SP1 to protect non-system hard drives (like external and USB drives), and integrates well into Active Directory networks. TrueCrypt is an excellent free and open source alternative for smaller environments. Its management does not scale as well, but its technical capability match and surpass BitLocker – and it is free! There are many other alternatives as well, so review a variety of solutions to find what best fits your needs. Windows Server 2008 also includes Network Access Protection in addition to other centralized management features, keeping systems safe on the go and ensuring systems you introduce to the network (like returning from a trip where it has been off the network for a period of time) obtain a level of assurance before obtaining access to critical resources. Also, do not forget about anti-virus products, since nothing else matters if someone else is controlling your computer. Utilize Your Hardware Laptops now include a variety of security enhancing hardware, but too seldom do administrators or users take advantage of these features. Trusted Platform Modules, TPMs, are secure chips for your system to store small amounts of data on. For example, BitLocker uses TPMs to protect your encryption keys from viruses and other malware. Onboard TPM chips are not common in desktops, but are becoming very prevalent in laptops, especially anything marketed towards business customers. Additionally, fingerprint scanners now come on over 80% of new laptops. These offer secure and easy to manage alternatives to stringent password policies. Intel also promises a revised chipset this fall that will include an onboard encryption processer, completely removing the burden from your CPU. Check out what hardware you have currently to take advantage of that may be sitting idle right now. Also, factor these features into future purchases. While these recommendations may seem simple, the constant string of data breach disclosures over the past several years shows how infrequently organizations take even the most basic precautions to secure their laptop users and data. Knowing the laws that apply to you gives you a baseline of where you want to be, but taking advantage of hardware and software, especially that which you already have, is the first step in making sure data from your laptops is not next to make the nightly news.