Laptop Security and Data Protection

Purpose

This document is intended as a guide for University of Florida IT workers who manage laptops and for faculty, staff, and students who store sensitive or restricted data on laptops. This guide describes methods you can use and product solutions you can deploy to protect users’ laptops against physical and data theft. Others are welcome to use this document as a reference, but some comments may be specific to the University of Florida.

What are the Dangers?

Laptops offer a great convenience due to their portability. This portability, however, makes them a prime target for thieves. These thieves not only target portable computers for the value of the device itself, but also for the restricted data they might contain. Users who have a documented need to store restricted data on a portable computer need to take extra measures to safeguard that data from unnecessary exposure due to theft or loss. For details on classifying what is and what is not considered “restricted” data, see the UF Data Security Standard.

Laptop Security

General Recommendations

  • Ensure that the most up-to-date virus and malware protection products are installed
  • Always use a strong password to protect your computer
  • Set up a preboot BIOS-level or hard-drive-level password
  • Use a password-protected screen saver
  • Avoid leaving your laptop unattended and unsecured
  • If leaving your laptop in a hotel room, use the room safe or lock it securely to an immovable object
  • When connecting via wireless, use the UF VPN to encrypt your session
  • Install laptop tracking software to track your computer if lost or stolen
  • If your laptop is lost or stolen, contact the UF Police Department for assistance

Physical Protection

Paying attention to the physical protection of your laptop can go a long way to securing both your portable computer and the data you store on it. Consider the following products.

Company         Product                  Type                 Website
Kensington      MicroSaver Alarmed Lock  Hardware Lock Alarm  kensington.com
Targus          DEFCON 1 Ultra           Hardware Lock Alarm  www.targus.com
syfer.nl        Laptop Alarm             PC Software Alarm    www.syfer.nl
SlappingTurtle  iAlertU                  Mac Software Alarm   slappingturtle.com

Computer Tracking

Most computer tracking products install a software agent on the laptop’s hard drive which runs in the background to monitor the computer’s location based on current network settings. Some tracking products simply send e-mail reports to a user-specified e-mail address, while others use the Internet to communicate periodically with a central monitoring service, usually hosted by the product vendor. The most advanced of these tracking systems can also make use of cell phone networks, GPS satellite data, or triangulated Wi-Fi signals to communicate a laptop’s location.

Many computer tracking products also include a remote data destruction feature that allows you, in the event of loss or theft, to send a signal back to your laptop to initiate secure deletion of your restricted data.

One thing to keep in mind: computer tracking software can help in the recovery of lost or stolen laptops, but by the time the computer is recovered, any restricted data stored on the computer may have already been compromised. This solution is good for getting the laptop back but is usually too late to ensure that data has not been exposed.

Individuals can get more information about laptop tracking and purchase software from these and other companies:

Company                        Product                 Platform  Website
Inspice, Inc                   Inspice Trace Standard  win       www.inspice.com
CyberAngel Security Solutions  CyberAngel              win       www.thecyberangel.com
AbsoluteSoftware               Computrace LoJack       win/mac   www.lojackforlaptops.com
Orbicule                       Undercover              mac       www.orbicule.com

Data Protection

Your laptop computer’s security is your responsibility, whether it is a personally-owned or university-assigned laptop. Due to its unique vulnerabilities, it is imperative you take special precautions when using restricted data with your laptop. To the fullest extent possible, laptop users should be diligent about safeguarding restricted data from unnecessary exposure due to theft or loss.

Data Protection Recommendations

  • Limit risk! If you don’t need access to restricted data then don’t store it
  • If you must store restricted data on your laptop, use encryption
  • When transmitting restricted data over the network, use the UF VPN to encrypt the session
  • Install remote data destruction software to ensure secure deletion of restricted data in the event your laptop becomes lost or stolen

Remote Data Destruction

In the unfortunate event that your laptop is ever lost or stolen, a remote data destruction product can help secure restricted data by allowing you to remotely and securely delete all data stored on the machine. Most remote data destruction vendors provide customers with access to a website where authorized users can send a signal, over the Internet, to the software agent installed on the missing laptop. The signal prompts the agent to initiate a secure deletion procedure and then return the results.

Company                Product                   Platform  Website
XTool Mobile Security  XTool Remote Delete       win/mac   www.xtool.com
Inspice, Inc           Inspice Trace Enterprise  win       www.inspice.com
AbsoluteSoftware       Computrace Plus           win/mac   www.absolute.com

Encryption

Encryption offers the best level of data protection. Even if someone gains physical access to your laptop, they won’t be able to decrypt the files to see or gain access to the restricted data stored there. Encryption offers protection by scrambling data using a key; only the owner of the key can decrypt and read the data.

Most products in this category offer encryption at the file and folder level, allow you to create encrypted “partitions” that mount as virtual drives, or provide whole disk encryption, where your entire hard drive is encrypted automatically and access requires preboot authentication.

IT workers who need to deploy an encryption solution across multiple portable devices in their unit should give special consideration to the centralized key management features offered by the product vendor.

Company    Product                    Platform  Website
PGP        PGP Whole Disk Encryption  win/mac   www.pgp.com
Microsoft  BitLocker                  WinVista  www.microsoft.com