10 steps you can take to secure a laptop

An essential element of information security

TODO alt text

Travelling with a laptop can represent a significant security risk to your business. This is because the data it contains is far more vulnerable when you are on the move than when you use a laptop in the relative safety of your office or home environment.

It doesn't have to be stolen; because it takes just seconds for a hacker to slip a USB stick into a laptop when it is unattended to install malicious software or steal data. Even relatively unsophisticated hackers can run programs like Mailpassview from a USB stick to steal your email account details and email password.

There are steps you can take to reduce the risk. Here are 10 simple things you can do to help keep your laptop secure when you are on the go.

1.Use a password

Ensure that your Windows account is protected with a password. The laptop should be configured so that the password has to be entered every time you turn the machine on or when it comes out of hibernation, sleep or screensaver mode.

An account password is an effective first line of defence, but only if you avoid choosing a commonly used - and therefore easily guessed - password. An analysis of passwords stolen from websites during recent security incidents reveals that the most common include "password", "123456", "abc123", "qwerty" and, bizarrely, "monkey".

2.Disable booting from CD or USB

It's easy to change or remove an account password using a free resetting program such as pogostick, or to guess a short one using a "bruteforce guessing" program such as Ophcrack.

But running these involves booting the computer from a CD or USB stick, so you can increase security by disabling the ability to boot from one of these devices. This can be done by altering the settings in your laptop's basic input/output system (BIOS) – the built-in software with generic code to control the machine – which can usually be accessed by pressing F1, F4, F10 or Del just after you switch it on.

To ensure that no-one can override these settings, password-protect the BIOS so that no more changes can be made to it without entering the password. This can also be configured in the BIOS settings.

3.Encrypt your hard drive

If your laptop is stolen from your car or hotel room there is usually nothing to stop the thief from removing your hard drive and attaching it to another computer. Doing this bypasses any account password protection and allows them to access your data easily.

The best way to prevent this is to encrypt your laptop's hard drives. Encrypted drives can only be accessed after the encryption key is supplied - usually in the form of a PIN, a password or by inserting a USB stick containing the key.

You can encrypt an entire drive using BitLocker, an encryption utility included with some versions of Windows Vista, Windows 7 and Windows 8. A free, open source alternative is TrueCrypt, which also works with Windows XP, Linux and OS X.

4.Use a virtual private network (VPN)

Publicly accessible networks, such as those offered in airports, conference centres and hotel rooms, present a particular security risk to laptop users. This is because hackers armed with free programs such as Cain and Abel, Wireshark or Ettercap can connect to the same networks and eavesdrop on emails or copy passwords as they pass over the network.

The best way to protect your data from interception by other network users is to encrypt it while it is in transit between your computer and your office network, using a company VPN.

If you don't have access to a company VPN, you can use one from service provider such as StreamVia or StrongVPN. This ensures your data is encrypted and protected from other users of the public local network.