Secure Your Mobile Workers for Less
The security of your corporate data and the integrity of your company network are put at risk whenever you travel with a business laptop. That’s because the laptop is no longer protected by the physical security that your office provides, or the security systems designed to protect the software running on it. And any malware that gets on to your laptop has the potential to infect other devices on your network next time your laptop connects to it.
But mobile security need not be expensive: here are ten ways you can minimize these risks to your laptop at little or even no cost:
1. Encrypt the hard drive
If your laptop is lost or stolen, anyone who gets their hands on it could steal your data, read confidential emails, communicate with your contacts, and possibly even connect to your corporate network and cause even more havoc.
The best way to prevent this is to encrypt the laptop’s hard disk so that a password has to be entered before the computer will boot. This will also make your data inaccessible even if the hard drive is removed and connected to another computer.
For laptops running Windows Vista Ultimate or Enterprise you can use Microsoft’s BitLocker utility, included with the operating system, to encrypt the system drive. For other Windows, Linux and OS X systems the open source TrueCrypt application will do the same job for free.
2. Use a VPN
Connecting to the Internet from a business center, Internet cafe or airport hotspot presents a serious security risk as these are environments where it is relatively easy to intercept your data. A VPN encrypts all data before it leaves your laptop, and keeps it encrypted until it reaches a trusted environment such as your home or office network. If your company doesn’t provide a VPN, try the free OpenVPN. Simpler to use solutions include paid-for services like HotSpotVPN which uses OpenVPN, or remote access services like GoToMyPC or LogMeIn, both of which use data encryption to connect your laptop back to a trusted office or home network.
3. Update and patch your software
Most operating systems allow you to download and patch your system automatically, so it’s wise to ensure that this option is enabled to prevent it being vulnerable to known exploits. (Most systems recently infected with the Konficker worm had had Windows update disabled.) You can check for updates to common Windows applications using Secunia’s online software inspector.
4. Run a firewall and anti-virus software
There is some debate about how necessary anti-virus software is on Macintosh and Linux laptops, but it is wise to err on the side of caution. At the very least you should ensure a firewall is running. ClamWin is a free anti-virus applications for Windows, available from http://www.clamwin.com.
Alternatively, use a portable security device such as the Yoggi Pico USB security appliance which includes firewall, anti-spam and anti-virus scanners and intrusion detection on a device the size of a USB memory stick.
5. Bolt down your browser
If you use a Windows laptop, switching from Internet Explorer to Firefox means you are less of a target to hackers. You can enhance you security further by installing several add-ons, such as NoScript which can protect you against cross site scripting and clickjacking attacks. We've recently provided more coverage about security add-ons for Firefox, too.
6. Chain up your laptop
Most laptops have a security cable socket (known as a Kensington slot) which allows you to physically attach your laptop to a desk or table. While this may not be necessary most of the time, using a security cable is a sensible precaution at conferences or other busy environments where you may be distracted and unable to keep watch over your laptop all of the time.
7. Encrypt your e-mails
If you can’t use a VPN then you should avoid using standard e-mail applications to connect to POP3 and SMTP servers that don’t use encryption. If you do then your user names and passwords could easily be intercepted, making all your email from that moment on insecure. (This is not the case if your email servers accept SSL or TLS connection, however.) If your data is confidential it still makes sense to encrypt the contents using software such as the open source GNU Privacy Guard (GPG) and the FireGPG Firefox extension. We recently covered GnuPG-based e-mail security, if you'd like more information.
8. Keep your backup data secure
Keeping backup copies of important data and passwords separate from your laptop is always a sensible precaution in case your laptop is lost or stolen while traveling. To keep them secure ensure they are stored in encrypted form, ideally on a USB drive.
You can store files on an encrypted partition on a standard USB stick using the free TrueCrypt, as long as you can remember a long and secure password to protect it. For even more security you can secure files and passwords on a special USB stick like the IronKey The IronKey includes a feature which causes the device to self-destruct if the wrong password is entered ten times in a row, effectively preventing brute-force attacks which involve trying millions of different password possibilities until the correct one is found, and therefore making shorter, more memorable passwords more secure.
9. Practice safe computing
A laptop connected to the Internet outside the corporate network is not usually protected from malware to the same extent that it is when inside the corporate firewall protected by network security appliances. For that reason it is especially important to avoid opening attachments or clicking on links in emails from unknown senders, or visiting untrusted web sites. Doing any of these things risks infecting the laptop with malware.
Laptop users also often carry their computers around in bags which are very obviously laptop cases, advertising to thieves that they have a valuable piece of equipment. It makes much more sense to carry your laptop in a plain bag or briefcase which is a much less tempting target to criminals.
10. Password protect.
If you are not using your laptop, it’s best to shut it down completely. That way anyone who gets their hands on the machine will be unable to get past the security provided by BitLocker or TrueCrypt. However, protecting the machine from coming out of screen saver mode without a password provides some (weak) security against an opportunist who may get access to your laptop for a short period while your attention is diverted.