The Importance of Using Mobile Encryption
This might come as a surprise to you, or perhaps even alarm you, but on the city of London’s public transport system alone, around 200 laptops are handed into lost-property offices every day. This figure, which doesn’t even include all the ones that are never recovered, extrapolates out to over 50,000 every year just for the buses, taxis and underground trains in a single British city.
London is the country’s largest centre for business, with head offices for many major multi-nationals, web commerce firms and government agencies (including the security services and the armed forces).
Now with a business machine there will be a log-in for a laptop. But is it ever really enough? The one thing that a password won’t protect against is the physical removal of the hard disk from a laptop, something that’s becoming easier to do as the hardware in many business machines becomes more user-upgradable. I have a dock for a laptop drive that I need for my work. It cost me a little over £10 and its USB3 connection means I can copy the entire contents off a drive in short order.
Even putting a system password on the laptop’s BIOS won’t protect against this. But how likely is it that anybody would ever physically remove a hard disk anyway? It could be argued that any thief would simply reformat a disk they couldn’t access, wiping the data.
While this might be true for some less-educated and less tech-savvy thieves, the value of data is rising every day, and commercially such information can be sold, used for corporate blackmail or perhaps even worse. By this I mean that the fines for breaches of the Data Protection Act in the UK can be harsh, especially with the high-profile breaches we’ve heard about over the last few years. These breaches, don’t forget, are only the ones that we’ve heard about. We can be certain that there are a great many more that occur every single day.
So how can your company, or an individual, protect their data on a laptop when lugging it around in the back seat of the car, on the tube or in a taxi? The Encrypting File System that’s been a part of Windows for over a decade is one solution, but it’s not ideal as it maintains file encryption when files are copied off the computer. If something then goes wrong with the host computer you could find yourself unable to access both the original and the now encrypted backups.
Bitlocker in Windows Vista and Windows 7 is the answer, and this is a feature that will be expanded and carried forward into new versions of Windows. It is a full-disk encryption system that is so secure that the US State Department once asked Microsoft to put in a back door (which they sensibly refused to do).
Laptops with Trusted Platform Module (TPM) chips on the motherboards which carry the encryption keys are becoming much cheaper and more commonplace. This chip will prevent the data from being read even when the hard disk is removed. Bitlocker is, frankly, the only way to secure your data for laptops running Windows.
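One way to confirm that a laptop really is in the state described above, as an added example that is not part of the original article. It assumes the `Get-Tpm` and `Get-BitLockerVolume` cmdlets, which ship with Windows 8 / Server 2012 and later rather than the Vista and Windows 7 releases named above, and an elevated PowerShell session; the function name is hypothetical.

```powershell
# Added example: audit TPM and BitLocker state on the local machine.
# Assumptions: Windows 8 / Server 2012 or later, run from an elevated session.
# Get-DiskEncryptionFinding is a hypothetical name chosen for this example.

function Get-DiskEncryptionFinding {
    $findings = @()

    # Without a ready TPM, BitLocker cannot seal its key to the hardware.
    $tpm = Get-Tpm
    if (-not $tpm.TpmPresent) {
        $findings += 'No TPM present'
    } elseif (-not $tpm.TpmReady) {
        $findings += 'TPM present but not ready for use'
    }

    foreach ($vol in Get-BitLockerVolume) {
        $id = $vol.MountPoint
        # Names of the key protectors on this volume, e.g. Tpm, TpmPin, RecoveryPassword.
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

        # A volume that is still encrypting, or decrypted, exposes data on a removed disk.
        if ($vol.VolumeStatus -ne 'FullyEncrypted') {
            $findings += "${id}: volume status is $($vol.VolumeStatus)"
        }
        # Encrypted is not enough: protection must also be switched on.
        if ($vol.ProtectionStatus -ne 'On') {
            $findings += "${id}: protection is off or suspended"
        }
        # The OS volume should be unlocked by the TPM (alone or with a PIN / startup key).
        if ($vol.VolumeType -eq 'OperatingSystem' -and -not ($types -like 'Tpm*')) {
            $findings += "${id}: OS volume has no TPM-based key protector"
        }
        # A recovery password avoids losing the data if the host hardware fails.
        if ($types -notcontains 'RecoveryPassword') {
            $findings += "${id}: no recovery password protector"
        }
    }
    return $findings
}

$result = Get-DiskEncryptionFinding
if ($result) {
    $result | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'TPM ready; all volumes encrypted and protected.'
}
```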
So why should you do this? After all, you can’t afford to replace all your laptops today with TPM-enabled ones. As a purchasing policy for any company this should be at or near the top of the list. The data protection registrar in the UK is getting less and less tolerant every day with privacy and data breaches, and the EU is also jumping in with their own legislation and fines.
If those fines don’t put your company in a very difficult financial position then the negative publicity and the loss of customer confidence could shut you down completely. It is wise to remember that even in this social Internet age, people do not give away their personal data freely. Everyone is becoming more aware and savvy of the need to protect their privacy, and if that means withdrawing completely from a company, online or otherwise, to do so they probably won’t hesitate.
“Bitlocker is, frankly,” NOT “the only way to secure your data for laptops running Windows”
Such a statement immediately led me to the author blurb, which reveals he is a Microsoft MVP. Nothing at all wrong with that — but really now, to try to use this kind of scare tactic to lead people to believe Bitlocker is the only choice is just, well, frankly, wrong.
TrueCrypt, an open-source file, folder or volume-level encryption tool, has been around for years and is very well reviewed. And there are many other data encryption tools available.
I have set up a number of TrueCrypt ‘volumes’ for data in several scenarios. One of the things I like about it is the volumes are portable, and can be accessed –with the proper key(s) of course– from multiple platforms, not just Windows.
There will undoubtedly continue to be discussions between folks who favor entire disk encryption (meaning the OS and all your applications are encrypted, besides data) vs. user data encryption. And there will likely also always be more than one option or way to accomplish such.