Laptops increasingly raising data security concerns

When computer backup tapes containing 77,000 personal medical files were accidentally auctioned off, the BC government did the right thing and tightened regulations in hopes of preventing a reoccurrence of the incident.

Laptop computers, however, are far more prone to theft or loss. And when the laptop is gone, so is all the data on the hard drive.

At almost the same time as the B.C. backup tape mishap was discovered, a laptop belonging to a Boston-based Fidelity Investments employee went missing at an off-site business meeting. On it was a database file with names, social security numbers and personal financial data of almost 200,000 HP employees belonging to retirement plans managed by Fidelity.

Increasingly popular with both business users and consumers, laptops now account for over half of the computers bought in the U.S. and Canada. They’re also increasingly popular targets for theft; 318,000 laptop thefts were reported in the U.S. in 2003. Vancouver-based Absolute Software notes that a laptop is stolen every 53 seconds.

You need two levels of protection: one for the laptop, another for its data.

Get a laptop lock and use it.

Is a briefcase visible in your parked car? Bad idea. Don’t leave the laptop out on the desk when you leave your office in the evening. Lock it away in a desk or filing cabinet drawer. A non-descript briefcase or backpack is a better choice than a custom carrying case that screams “laptop inside.” And keep your eye on your laptop at all times as it goes through airport security checks. Engraving your driver’s licence number on the bottom can help identify it in case of loss. Keep a record of the laptop’s serial number in a separate location. Consider having an asset recovery tag – a small metal ID – super-glued to your laptop (www.securitrac.com or www.stoptheft.com).

A service like Absolute Software’s CompuTrace, once installed onto your laptop, automatically contacts a monitoring centre, allowing it to be located if lost or stolen.

Keeping current backups of your data will ensure that anything lost on a stolen laptop is replaceable. But you can also make sure that data on your laptop’s hard drive is not easily read.

Set up your laptop to require a valid user name and password at log-in. Disable the guest account and make sure the administrator account requires a password. If you’re running Windows XP Home Edition, this can be a bit of work; Home Edition hides these basic security features to make it “friendlier” for consumers.

Encrypt your data files; many applications, including the various Microsoft Office components include the option to password-protect files when you save them. Mac OS X users can easily encrypt all personal documents by turning on that operating system’s FileVault feature. Windows 2000 and XP (Professional only) users can right-click a file or folder icon, choose Properties and then click the Advanced button to find an option to encrypt contents.

For both Mac and Windows XP users, files are automatically decrypted when you’re logged in, but the data is unavailable to any one else accessing your computer.

Maybe you should only be accessing vital files across your network. Your IT department may be able to set up a virtual private network to allow you to log in from home. Or keep the files (in encrypted format) on a USB memory key and keep that device separate from the laptop when you’re not using it.