Dear Lifehacker, Recently a laptop was stolen from my office. As a result, our office IT staff sent out a memo advising us to make sure our laptops and data were as secure as possible, but they weren't too specific on how. I've just started taking my laptop home with me every night, but that's a pain. How can I secure the gear I have at my office, like my monitor and keyboard, and how do I make sure my data is safe? Sincerely, Security Focused
Photo by Timothy Vollmer.
Dear Security Focused,
Kudos to you for stepping in and taking responsibility for keeping your gear safe at the office. Most companies put the burden of that task on their internal IT department, and in some cases they may be so stretched thin that they don't have the resources to take care of every desk and user individually. Still, before you go too far down this route, you should reach out and ask them if they have any more suggestions, or at least make sure nothing we're about to suggest to you is contrary to company policy or will break something they're already using.
With that out of the way, your letter got us thinking about how to physically secure your equipment, and then how to virtually lock down your data. Let's tackle both topics separately:
The beauty of having a work-issued laptop is that it's portable: you can take it home with you if you want, take it to meetings, or just go sit in a quiet corner of the office and work without being distracted by people visiting your desk. However, that portability means it's easy for someone else to make off with your laptop when you're not there. Virtually every laptop has a security slot where you can attach a cable lock to keep your laptop firmly connected to your desk when you walk away from it. Consider buying a strong, keyed cable lock for your laptop when you're using it at your desk like the Kensington ClickSafe laptop lock, available at Amazon for about $US31, or the Microsaver DS for about $US40, to keep your laptop anchored to your desk while you're using it, or to keep it in place on your desk when you need to get up and go to the bathroom.
Since you mentioned you're also concerned about your other office gear, it's worth noting that many monitors have the same security slots on them these days as well. Buy an extra cable lock, or a dual-headed version of one of the ones above (like the ClickSafe Twin) which allows you to lock down two devices to the same cable. Then, as long as you have the cable firmly anchored to your desk or the wall of your cubicle, you won't have to worry about your laptop or monitor going missing if someone idly comes by and decides to swipe it. If you have a computer or monitor without a security slot, you can add one with a lock kit like the Datamation Snap Lock, which uses a strong adhesive gel to attach a security bolt to your laptop, monitor or desktop computer. You still get the ability to detach the lock and cable if you have a key, but without one, the gel is very difficult to remove. Just make sure you don't lose the key!
Now, since all of this equipment is company-provided, it's possible your IT department has cable-locks available for you if you want them. Contact them and ask if they provide them for you, or if they're responsible for purchasing them. If everyone in your company carries a laptop, it's more than likely they'll give you one, but you have to remember to use it. Your keyboard and mouse are a different story: if you're concerned about them at all -- and most people aren't -- just disconnect them from your laptop at the end of the day and stash them in a locked cabinet at your desk or in your office area if you have access to one (and if you don't, ask for one!)
Now that you have your laptop and your monitor(s) securely fastened to a wall or anchor-plate on your desk with a cable lock, here's the bad news: cable locks aren't terribly effective. They can be picked pretty easily, and someone with a pair of carpet scissors or bolt cutters can make quick work of a laptop cable lock, even if it's anchored to the furniture. They're more of a deterrent to keep people honest. Still, if you're leaving your laptop in the office at night (and in most offices, you need a key to get in after hours anyway) or you just want to make sure your coworker doesn't swipe your monitor the next time you go on vacation, a good cable lock is an affordable and easy to install (or take with you, if you want to stash it in your laptop bag) way to make sure your laptop stays where you put it. Just don't forgo common sense in favour of a cable lock, and opt to keep your laptop with you at all times when in public.
Most companies that are concerned with data security provide some encryption, backup, and data security tools to their employees. In my last job, every user's laptop came pre-installed with BIOS-level whole-drive encryption, so the hard drive couldn't just be removed from a computer and dropped into another one without being decrypted first. They also automatically backed up our data. If your company doesn't offer robust data protection, the first thing you'll need to do is make sure your data is safe and backed up securely. If your company isn't already backing up the information on your laptop, consider using a service like CrashPlan, a great on-and-offsite backup solution that we've discussed before, to make sure your data is backed up locally to an external hard drive or some other media, and also backed up remotely in case something happens to your laptop and the external hard drive (or if you need to retrieve your data on another computer far away.)
Whether your company backs up your data or you do it yourself, the next thing you should be concerned with is keeping that data safe from prying eyes. We've shown you how to encrypt your data using TrueCrypt before, and there are plenty of other options available to encrypt your data locally if you prefer another utility, but choose one and use it to encrypt the most sensitive data on your laptop. Whether it's payroll files that you don't want your colleagues seeing or just engineering or project documents that you don't want anyone else to see until the time is right, there's a strong case for making sure your data is encrypted, even locally. If you prefer to use a service like Dropbox to keep folders synchronised across computers, consider adding another layer of security to it by encrypting the data in your Dropbox account so it won't fall into the wrong hands, even if one of your Dropbox-authorised computers does. If your laptop somehow does get stolen or goes missing in the back of a cab, you can at least report to your boss that all of the sensitive company data that may be it is all encrypted.
Encryption and data security tools can only help as much as the person using them wants them to help. That means you need to keep strong passwords, stop using the same password for multiple applications and services (that means don't use the same password to log in to your computer as you do for your encryption software!) and lock down your work computer as much as possible. You may even consider adding a BIOS password to make sure the system won't boot without your password, but that won't stop someone from simply removing the hard drive (which is why we suggested encrypting sensitive data as well.)
Wrap It All Up
While you said your primary concern was with the physical security of your laptop, monitor and gadgets at the office, we thought it was important to remind you to pay attention to the security of your data as well. After all, there's only so much you can do to keep someone from stealing a laptop -- if someone really wants it, they'll get it. By that time, it's all you can do to make sure your data is backed up so you can retrieve it, and encrypted so the thief won't be able to make use of it.
If the thief is just after your laptop, you can always try a laptop recovery or theft tracking service like Prey to try and get it back or track the thief. Still, those apps have their limitations, and are useless if the thief removes the drive, wipes the drive or just sells the laptop without turning it on.
Regardless, the key to keeping your gear safe on your desk and your data safe on your computer is to apply a combination of these methods. We would be surprised if your company doesn't have specific suggestions for you and tools you can use to keep your laptop and your data safe and secure, but if they don't, you may need to take matters into your own hands. Just make sure that you use common sense and that nothing you choose to do conflicts with something they're already doing and you'll be fine.
PS: Did we leave out something important? Would you lock down your system differently if you were Security Focused's IT admin? Share your tips and suggestions in the comments below.
Got your own question you want to put to Lifehacker? Send an email to [email protected], and include 'Ask Lifehacker' in the subject line.