Ask LH: How Do I Keep My Computer Secure At The Office?

Dear Lifehacker, Recently a laptop was stolen from my office. As a result, our office IT staff sent out a memo advising us to make sure our laptops and data were as secure as possible, but they weren't too specific on how. I've just started taking my laptop home with me every night, but that's a pain. How can I secure the gear I have at my office, like my monitor and keyboard, and how do I make sure my data is safe? Sincerely, Security Focused

Photo by Timothy Vollmer.

Dear Security Focused,

Kudos to you for stepping in and taking responsibility for keeping your gear safe at the office. Most companies put the burden of that task on their internal IT department, and in some cases they may be so stretched thin that they don't have the resources to take care of every desk and user individually. Still, before you go too far down this route, you should reach out and ask them if they have any more suggestions, or at least make sure nothing we're about to suggest to you is contrary to company policy or will break something they're already using.

With that out of the way, your letter got us thinking about how to physically secure your equipment, and then how to virtually lock down your data. Let's tackle both topics separately:

Physical Security

The beauty of having a work-issued laptop is that it's portable: you can take it home with you if you want, take it to meetings, or just go sit in a quiet corner of the office and work without being distracted by people visiting your desk. However, that portability means it's easy for someone else to make off with your laptop when you're not there. Virtually every laptop has a security slot where you can attach a cable lock to keep your laptop firmly connected to your desk when you walk away from it. Consider buying a strong, keyed cable lock for your laptop when you're using it at your desk like the Kensington ClickSafe laptop lock, available at Amazon for about $US31, or the Microsaver DS for about $US40, to keep your laptop anchored to your desk while you're using it, or to keep it in place on your desk when you need to get up and go to the bathroom.

Since you mentioned you're also concerned about your other office gear, it's worth noting that many monitors have the same security slots on them these days as well. Buy an extra cable lock, or a dual-headed version of one of the ones above (like the ClickSafe Twin) which allows you to lock down two devices to the same cable. Then, as long as you have the cable firmly anchored to your desk or the wall of your cubicle, you won't have to worry about your laptop or monitor going missing if someone idly comes by and decides to swipe it. If you have a computer or monitor without a security slot, you can add one with a lock kit like the Datamation Snap Lock, which uses a strong adhesive gel to attach a security bolt to your laptop, monitor or desktop computer. You still get the ability to detach the lock and cable if you have a key, but without one, the gel is very difficult to remove. Just make sure you don't lose the key!

Now, since all of this equipment is company-provided, it's possible your IT department has cable-locks available for you if you want them. Contact them and ask if they provide them for you, or if they're responsible for purchasing them. If everyone in your company carries a laptop, it's more than likely they'll give you one, but you have to remember to use it. Your keyboard and mouse are a different story: if you're concerned about them at all — and most people aren't — just disconnect them from your laptop at the end of the day and stash them in a locked cabinet at your desk or in your office area if you have access to one (and if you don't, ask for one!)

Now that you have your laptop and your monitor(s) securely fastened to a wall or anchor-plate on your desk with a cable lock, here's the bad news: cable locks aren't terribly effective. They can be picked pretty easily, and someone with a pair of carpet scissors or bolt cutters can make quick work of a laptop cable lock, even if it's anchored to the furniture. They're more of a deterrent to keep people honest. Still, if you're leaving your laptop in the office at night (and in most offices, you need a key to get in after hours anyway) or you just want to make sure your coworker doesn't swipe your monitor the next time you go on vacation, a good cable lock is an affordable and easy to install (or take with you, if you want to stash it in your laptop bag) way to make sure your laptop stays where you put it. Just don't forgo common sense in favour of a cable lock, and opt to keep your laptop with you at all times when in public.

Data Security

Most companies that are concerned with data security provide some encryption, backup, and data security tools to their employees. In my last job, every user's laptop came pre-installed with BIOS-level whole-drive encryption, so the hard drive couldn't just be removed from a computer and dropped into another one without being decrypted first. They also automatically backed up our data. If your company doesn't offer robust data protection, the first thing you'll need to do is make sure your data is safe and backed up securely. If your company isn't already backing up the information on your laptop, consider using a service like CrashPlan, a great on-and-offsite backup solution that we've discussed before, to make sure your data is backed up locally to an external hard drive or some other media, and also backed up remotely in case something happens to your laptop and the external hard drive (or if you need to retrieve your data on another computer far away.)

Whether your company backs up your data or you do it yourself, the next thing you should be concerned with is keeping that data safe from prying eyes. We've shown you how to encrypt your data using TrueCrypt before, and there are plenty of other options available to encrypt your data locally if you prefer another utility, but choose one and use it to encrypt the most sensitive data on your laptop. Whether it's payroll files that you don't want your colleagues seeing or just engineering or project documents that you don't want anyone else to see until the time is right, there's a strong case for making sure your data is encrypted, even locally. If you prefer to use a service like Dropbox to keep folders synchronised across computers, consider adding another layer of security to it by encrypting the data in your Dropbox account so it won't fall into the wrong hands, even if one of your Dropbox-authorised computers does. If your laptop somehow does get stolen or goes missing in the back of a cab, you can at least report to your boss that all of the sensitive company data that may be it is all encrypted.

Encryption and data security tools can only help as much as the person using them wants them to help. That means you need to keep strong passwords, stop using the same password for multiple applications and services (that means don't use the same password to log in to your computer as you do for your encryption software!) and lock down your work computer as much as possible. You may even consider adding a BIOS password to make sure the system won't boot without your password, but that won't stop someone from simply removing the hard drive (which is why we suggested encrypting sensitive data as well.)

Wrap It All Up

While you said your primary concern was with the physical security of your laptop, monitor and gadgets at the office, we thought it was important to remind you to pay attention to the security of your data as well. After all, there's only so much you can do to keep someone from stealing a laptop — if someone really wants it, they'll get it. By that time, it's all you can do to make sure your data is backed up so you can retrieve it, and encrypted so the thief won't be able to make use of it.

If the thief is just after your laptop, you can always try a laptop recovery or theft tracking service like Prey to try and get it back or track the thief. Still, those apps have their limitations, and are useless if the thief removes the drive, wipes the drive or just sells the laptop without turning it on.

Regardless, the key to keeping your gear safe on your desk and your data safe on your computer is to apply a combination of these methods. We would be surprised if your company doesn't have specific suggestions for you and tools you can use to keep your laptop and your data safe and secure, but if they don't, you may need to take matters into your own hands. Just make sure that you use common sense and that nothing you choose to do conflicts with something they're already doing and you'll be fine.

Cheers, Lifehacker

PS: Did we leave out something important? Would you lock down your system differently if you were Security Focused's IT admin? Share your tips and suggestions in the comments below.

Got your own question you want to put to Lifehacker? Send an email to [email protected], and include 'Ask Lifehacker' in the subject line.


Comments

    Physically:
    office locked always (don't have a door stopper, can only open with key)
    keys to my office are not passed around, nobody is ever to enter my office without me or the other tech there.

    software:
    ALWAYS lock computer when not in use
    use a restricted account for general things, if i need admin access, log in as admin.
    if i leave my office for 1 minute, to fill my water bottle, i will still lock it.
    important data stored in weird folders (think program files)
    and use a STRONG password, change it regularly, and make it so nobody knows what it could ever be.
    something you will never like, be into, wouldn't know.
    never give out any details to anybody

    Don't keep the only copy of work data on your laptop, you have network storage for a reason. And it's backed up already!

    Thus, if you've taken reasonable measures (not leaving it visible on the backseat of your car, or other obvious for-the-taking places), who cares if your laptop gets stolen (aside from the inconvenience).

    Insurance companies factor in a certain amount of damage/theft of company laptops, unfortunately it's the reality we live in.

    From the sounds of it, the IT department probably just meant 'don't leave it lying on your desk overnight, we don't trust the cleaners'. A few pointers aimed at the IT dept:

    -If it's a company owned laptop with sensitive data, they should really be using full-disk encryption. These days there's no excuse not to.

    -Personal laptops shouldn't have local copies of work data. You can work via a Terminal Server or web interface, but no local storage.

    -For a fun option, try something like ialertu: http://www.youtube.com/watch?v=KkAtRfA1UXc

    - truecrypt
    - cloud or server backup
    - kensington lock (or similar)

Join the discussion!

Trending Stories Right Now