You protect your home, car or bicycle with security systems, locks and preventative measures when you're traveling -- why should your mobile data devices be treated any less carefully?
Part 1 of this series, I showed how creating a mobile-device security policy is an essential step toward reducing data-loss risk. Here, then, are essential security practices and products for any business traveler carrying a laptop or portable device.
An Ounce of Prevention
Making a habit of safe computing can protect you and your company, even if a loss should occur.
For starters, before a planned trip, do hard-drive housekeeping to ensure that you're not toting around more data than you need. Today's 120-gig hard drives make it possible to carry around massive amounts of information, as seen by the size of some of the recent losses that have made the news, such as the University of California, Berkeley's laptop theft that exposed the personal information of 98,000 graduate students in 2005, or the 30 million names lost by an employee of the U.S. Department of Veterans Affairs in 2006. For most business travelers, there's no reason to archive many files permanently on your portable device.
So know what data you have on your laptop, and purge it regularly. If you must transport your company's complete financial records from the last three years to a meeting at the head office, or have complete HR files on every staffer on hand for a conference, delete it as soon as possible after the meeting.
Make backups of your portable device regularly, and find a more secure place to keep the disks than in your briefcase or laptop bag. Check to ensure that all antivirus, antispyware and firewall software is properly installed, and keep it up-to-date.
Also before you travel, protect your laptop with a password, so the system is locked before the operating system will start. If your laptop supports biometric authentication, use your fingerprint together with your password. Never share your password or leave it written on a scrap of paper in your laptop case.
Any smart traveler who will be storing sensitive data would also do well to invest in encryption software. These programs make the data unreadable if someone other than you accesses your machine.
Pointsec, which provides full-disk encryption for laptops, PDAs and smartphones, was even recently selected by a government agency for encrypting their mobile devices. For the budget-sensitive, free disk encryption products include the open-source product
TrueCrypt and Cypherix's free
Cryptainer LE, which creates virtual drives up to 25MB.
Finally, find out whether your company has a security policy, and follow it to the letter. Check to see who should be notified in case of a loss -- and have his or her after-hours contact info available, so you can get in touch as soon as a loss occurs.
Laptops Have Legs
The value and size of laptops make them attractive targets for thieves. Since this type of theft is often a crime of opportunity, always keep your laptop with you, and keep your eye on it. If you must leave a laptop or device in your car, lock it in the trunk or make sure that it's stored out of sight.
Though airports are full of security personnel, looking for thieves isn't their primary job. Thefts do occur, sometimes right off the security conveyor belts. Don't be distracted if someone ahead of you sets off the metal detector -- while you're watching the wanding, someone may be helping themselves to your unattended valuables. If possible, wait until it's your turn to pass through the metal detector before placing your laptop on the conveyer belt, and keep an eye on your things as they pass through the X-ray machine.
At your hotel, try not to leave your laptop in an accessible area, such as the front desk. Store your device in your room safe, or invest a few bucks in a security cable and lock. Many laptops have security slots to which you can attach a cable that can be wrapped around something stationary, much like a bicycle lock.
Kensington offers a line of locks with retractable cables ($30-$70); or try the Securitykit.com
Notebook Security Kit ($20) or PC Guardian's
Notebook Guardian ($40-$58).
Some laptop security products, such as the Targus
Defcon 1 Ultra ($50), even have an audible alarm built in -- especially useful if a thief tries to sever the cable.
Baby, Come Back
If, despite all your preventative measures, your mobile device does go missing, all is not lost: Asset-tracking and recovery software can actually help locate a lifted laptop.
When a thief logs on, this software reports the IP address of the stolen machine to a service company, which then determines the physical location of the Internet connection and uses that information to obtain a warrant.
If the computer is stolen, for instance, a company like
The LaptopLock will have you covered, for free: You log into your account on its site and mark your computer's status as stolen. When your machine is connected to the Internet, The LaptopLock will try to find out as much as possible about the connection to assist in recovery.
Computrace LoJack for Laptops ($50 yearly, per computer) tracks, locates and recovers stolen machines. Through an Internet connection, Absolute will track your computer's location and partner with local law enforcement to get it back. The company even guarantees that you'll receive a full refund for the purchase price of the software if your computer is not recovered within 30 days.
For extremely sensitive data, you might need to take more drastic action if your device lands in the wrong hands. Like a spy taking a cyanide pill, some software programs can automatically wipe your laptop's hard drive clean through a remotely activated feature.
For example, Absolute's LoJack for Laptops mentioned above has a remote-kill feature. If your mobile device is stolen, the entire contents of the hard drive or just specific files can be erased.
Bluefish Wireless also offers a program called
Central ($15), which sends out an SMS "kill pill" to Palm Treo devices. If your Treo is ever lost or stolen, Central transmits this signal to erase your data and reset the Treo.
Windows smartphone users can turn to PDAKill ($10) from
SCPSoft. On receipt of a specific SMS (text) message, PDAKill will wipe your entire device's data.
With all the technology that's now available, it's criminal not to protect yourself.
Russell Dean Vines is Chief Security Advisor for
Gotham Technology LLC and a bestselling author. His most recent book is
The CISSP and CAP Prep Guide: Platinum Edition
, published by John S. Wiley and Sons.