Security on the road

Some of your employees – often salespeople – are forced to take their notebooks everywhere: in their cars, on planes, to client sites. Unfortunately they must also occasionally leave them unattended in places that are not 100-per-cent secure, such as hotel rooms.

What kind of notebook data security features are out there to protect these notebooks and prevent your company from being exposed to dangerous data loss?

Here are eight features you may want to have in place on your company notebooks (or a combination thereof) to avoid data loss, starting with the most basic:

• Lockdown: Notebook computers are most easily kept in place with physical locks. If the thief cannot take your notebook and can’t get on your system, the data there is safer. While just part of a good security plan, it’s surprising how many users fail to buy even these simple tools until it’s too late.
• Word appropriation: Password protection can be enabled so that when your system sits idle for a time determined by you, a password is required to get it up and running again.
• One-man show: If you’re working on a plane or train you may be providing your neighbour with a pretty good view of some of your company data. If you have a job that requires presentation data, email or even Word documents to be kept absolutely secure – or if you’re just a private person – privacy screens are a simple add-on for notebooks that make it very difficult for others to see your screen. When you buy a notebook, you might want to make sure the tabs to support a privacy screen are built into the frame of the notebook so it can just clip in and stay there.
• Port retort: Some notebooks are equipped with ways to lock external ports when you are forced to leave the PC unattended. This prevents a thief from using a USB key or other external storage device to quickly grab data before your system times out and password protection kicks in, for example. “Unless you’re the owner of the notebook, you can’t access or introduce a foreign device to the system because you can lock-down that particular connection port and only allow devices such as mice and keyboards to attach,” explains Darren Leroux, product marketing manager, commercial notebooks, with Hewlett-Packard (Canada) Co.
• Drive thieves crazy: If your salesperson loses his or her notebook on the road but has password protection or some other security feature that a thief can’t get around, he/she will usually flip it over, take out the hard drive and connect it to another device to access the data. According to Leroux, a drive-locking feature “basically syncs that hard drive with the BIOS of that notebook so if you remove the hard drive you cannot access the data unless it’s [physically] on that notebook. The hard drive will not allow you to use it unless the BIOS authenticates it.”
• Get smart: Smart cards are another form of authentication. When starting up your notebook you simply insert the smart card, which is associated only with your password and login. Unless the smart card is in the notebook you can’t power on or log onto the system. “That’s a simple thing you can keep in your wallet and when you pull it out and throw it into your notebook you’re good to go,” says Leroux.
• BIOS-break: Then there’s biometric security. Many notebook computers now come with a fingerprint ID scanner, either standard or as an add-on. “That’s something you can lock down at say a BIOS level so before the notebook boots up you have to authenticate yourself,” Leroux explains. Or, you can set it up so that when you get to the Windows password screen you have to enter your password and swipe your finger. “If you really want to dial it up it would be: insert your smart card, swipe your finger and enter your password,” he adds. “That’s how regimented it can be, depending on the needs of the business.”
• Remote-protect: Finally, tracing services companies have ways of tracking stolen systems as soon as they connect to the Internet. With Absolute Software’s Computrace service, you provide your notebook’s serial number, subscribe to and pay for the service and the company will take a common image of your hard drive data. “So if they ever need to track it they just flip a switch,” says Leroux. “As soon as that notebook connects to the Internet, whether the hard drive has been wiped or not, all the required information will be uploaded back to the BIOS thanks to the TPM embedded security chip.” As soon as that notebook connects to the Internet it pings the tracing service company’s servers and they’ll see it at an IP address. They’ll call the authorities, subpoena the ISP and track it down. They can also wipe it clean remotely if it’s deemed to have very sensitive information and Absolute doesn’t think it can recover it in time, adds Leroux.

Darren Leroux is the product manager for commercial notebooks with Hewlett-Packard (Canada) Co. in Mississauga, ON.