You are hereSecuring Your Laptop and Personal Data Against Theft

Securing Your Laptop and Personal Data Against Theft


By Anonymous - Posted on 26 May 2010

Laptop prices are on the rise and they will continue to do so, making laptops an expensive investment. In this article I am going to discuss some of the techniques you can use to prevent loss of your beloved machine and its data. I am going to focus on physical theft of data because many people don't do enough to avoid this. I'm also going to explain how to build security in layers, making it tighter as you go deeper.

This article is written in novice language for everyday computer users and computer experts may find some terms and definitions too loose. If you are an expert you already know what I am talking about, so feel free to skip the boring details.

When you look at your laptop there are two things you want to protect. Firstly there is the machine, the device you paid for and secondly there is your data, your personal information, pictures, emails messages, chats. For most people both of these aspects are important. But it is important to remember that while the physical device can be replaced (you can always purchase another one) the data cannot be replaced. Also data can be misused if it falls into the wrong hands. In this article we will see how to avoid this.

Protect your device

1. Register it

The first thing you should do is to make a note of your laptops model number and serial number. These are printed on a strip on the back, sometimes near on inside the battery compartment. It is wise to register these details with a service like Immobilise. That way you will not lose them. It is also a good idea to register the laptop with the manufacturer for warranty under your name. This way no one except you can claim warranty for it.

2. Lock it down

The easiest way deter a thief is to 'lock it down'. All laptops come with a Kensington lock slot. This is a small hole in the laptop chassis which is reinforced with metal. In order to use it, you need to buy a Kensington lock. If you look around you will find many of these locks retailing from the very cheap to the extremely expensive. The lock consists a steel braid cable with a lock barrel on one end and a loop on the other. The idea is that you loop the thing around something heavy and the clip the barrel into the lock slot in your laptop, effectively handcuffing your laptop to the heavy object.The strength of this lock is proportional to the strength of its cable and buying one with a flimsy cable is useless because the thief can just cut the cable and take your laptop. Also the lock barrel must attach flush with your laptop chassis to avoid someone inserting something in between the lock and chassis. I recommend this lock or this lock. Both are very well built and use keys, I like keys better than the numerical alternative. Now when using this please don't be lazy and wrap it around a table leg, because someone can just lift the table and slip the loop off the leg at the bottom.

3. Insure it

If you are going to be travelling around a lot, besides using the Kensington lock you should insure your machine against theft. This way you transfer the financial liability onto the insurer. Gadget Cover provide insurance for laptops and other gadgets in the UK provided the gadgets are under 6 months old. Instead of insuring your machine you can also look at laptop theft recovery services which install a piece of software on your laptop which can be used to track it down if it is lost or stolen. My favourite option is Prey which is free for up to 3 devices. Another commercial alternative is CompuTrace, though there are mixed reports on how effective this type of software is.

4. Setup a BIOS password

The BIOS is the first piece of software that your computer runs when it starts up (boots). The BIOS resides on a separate memory chip in the computer and not on the hard drive or RAM. It is responsible for configuring the hardware correctly every time your computer starts up. Most modern BIOS allow you to set a password so the BIOS will not run unless the correct password is entered. If the BIOS cannot run, the computer cannot be started at all thus locking down the computer.

To set up the BIOS password you have to restart your laptop and watch the screen carefully. Wait till the manufacturer logo is seen (not the Windows logo, that comes later). During this time the computer will tell you something like "Press F2 to enter setup" and you must quickly press F2 (or whatever key you see) and you will enter the BIOS configuration screen. Sometimes you may have to press a combination of keys. Because each laptop has a different BIOS, the options you see will be different. You have to cleverly choose from the options your computer shows you. Once inside the BIOS setup, look under "Security" or "User password". Again BIOS on different computers is different and you have to find the correct option by reading the screen. Sometimes there are two passwords "Administrative password" and "User password". You have to set the "User password". Once you find the correct option press the Enter (↵) key and you will be asked to choose a password. Usually the BIOS memory is small and you will only have a limited (8 character) field for saving the password. You will have to enter the same password twice pressing Enter after each attempt.

Exiting the BIOS setup requires you to press the Esc key on the top left corner of the keyboard. You may have to press it several times, each press will take you backward to an earlier screen (i.e. it works like the Back button of your browser). Pressing Esc on the final screen will prompt you "Save settings and exit?" If you are happy to set the password you have chosen and save it to the BIOS press "Y" and Enter. Otherwise pressing "N" and Enter will discard any changes you have made to the BIOS setup and the computer will simply continue start up as if nothing has been changed.

Setting up a BIOS password this way makes the laptop useless to the thief as a whole. He cannot start the machine and use it normally because it simply wont start unless the correct password is entered. This makes it slightly harder for him to sell off the device quickly. Laptop manufacturers make it hard to reset this BIOS password and usually this involves either contacting them with proof of purchase or opening the laptop chassis yourself and playing with the internals, or taking the device to a laptop technician. Your thief will need to be pretty clever to get around the password without raising suspicion. Conversely the bite back is that if you yourself forget the BIOS password you will be unable to use your own laptop. So make sure you choose a password that is easy to remember. Unlike online passwords, it does not have to be very long or complicated, it can be something simple but something only you would know of. A four or six digit pin number works best.

Protect your data

The above techniques and use of common sense are the best one can do to protect the machine itself. In the event that your machine gets stolen despite precautions your next immediate worry is what happens to the personal data on it. We now move on to protecting data from theft.

As an aside, remember personal data thieves find it much easier to steal data online using malware and viruses. They will not steal your machine for that (it is way too risky). The way you prevent online data theft is by using a good antivirus product and keeping it up-to-date using a suitable subscription. I personally use and recommend Kaspersky or BitDefender for home users. The subscriptions for both last 1 year and are very affordable.

Personal data theft can happen as a side effect of physical machine theft. If someone runs away with your laptop, they also run away with your data as a consequence. Even if they cannot start your machine (because of the BIOS password) they can still dismantle the machine and get at the data on the disk. This can be worrying if you have sensitive details, family pictures or videos on your disk.

We are now delving into using security software to protect data. You will need reasonable computer skill to accomplish some of this. You may have to read more about these techniques online so that you become comfortable enough to try them out. I'll give links to more reading when necessary.

1. Encrypt it

Encryption is a process of scrambling data (mostly using a password) so that it becomes meaningless. In order to make it meaningful again, one has to decrypt the encrypted data using the same password. This means only the person who posses the password can make any sense of the encrypted data. This is the key to protecting your data from theft. If the data on your disk is encrypted, the thief cannot make sense of it unless he can guess the password you used during encryption.

The idea is to use what is called a 'full disk encryption' tool like TrueCrypt to encrypt everything on the hard drive. With full disk encryption, everything on selected partitions of your disk is encrypted using a password you specify. When the computer starts up, the encryption tool requests the password from you and uses this to decrypt the disk on-the-fly, which means files are decrypted as and when they are required. You should read more details of this here. TrueCrypt has many detailed options for advanced users, but most users can simply use the pre-set defaults. If you have more than one partition on disk or more than one disk, you will have to encrypt each partition and disk using volume encryption. Another perhaps simpler disk encryption tool is BitLocker from Microsoft. But this is only available with certain versions of windows. Don't be put off by the reading you have to do, it is worth understanding this technology. Also once you set it up correctly, it will just work and you wont have to bother with it which is great. For advanced users I have also written a script that allows you to mount an encrypted TrueCrypt volume using a USB stick here.

Again a word of warning, encryption is a double edged sword and if you forget the password you wont have any way of making sense of your precious data.

2. Create regular backups

Encryption prevents your data from falling into the wrong hands it does not safeguard you against the loss of data itself. The only way to avoid that is by regularly backing up the data on your laptop to an external media. Large external hard drives are fairly cheap and investing in a reasonably priced one for backing up your data is a good idea. A note of caution here is that the larger the drive size becomes, the more frequently these drives fail. It is better to buy two medium sized (500GB or 1TB) drives than buying a massive 2TB drive. Buy the size that fits your backup needs best and always read user reviews before making a purchase. If a large number of reviewers say the drive fails, then chances are it will fail, taking your backup with it. Some external drives come with manufacturer supplied backup software, otherwise you can use a backup software like Cobian Backup or COMODO Backup. Alternatively, instead of using an external disk drive for backups, you can try an online backup provider like Mozy or DropBox, who give you 2GB backup space for free (additional space can be purchased) and free full feature backup software. When using an online backup service, ensure that your data is sent over the internet using an encrypted channel or is encrypted before being sent over the internet. Using FTP for backup is not a good idea, as FTP is not an encrypted channel (SFTP is). If you want to FTP your data across, encrypt it locally first then send the encrypted files across. GnuPG provides tools for encrypting individual files on disk.

Backups are best scheduled to be run automatically, so you don't have to bother manually doing them every time. However if you have a scheduled backup setup, check once in a while if it is really running as you intended. Scheduled backups can start to fail gradually as they grow larger and your drive runs out of space. Scheduled backups must also be updated if you move data around so that the new location is backed up and not the old location.

When initially setting up your backup, do a test run and then immediately attempt a restore. See if the files you intended have actually been backed up and are restorable. Simply assuming that your backup is ok because your backup tool says so is a mistake. Your backup tool does not know what files are important to you and may backup useless files and tell you everything went well. Finally, backup your backup tool. If you download and install a new backup software, make a backup of the downloaded setup program for the software on on a CD/DVD. This is because the backup program may no longer be available for download later or may be upgraded and the upgraded version may not be able to read old version backup files. The backup files created by most backup software can be read and restored only using that software, so it very important that you backup the backup software independently onto a disk so you can use it to restore the backup when needed.

This is a rather long article and I will bring it to a close now. It covers the most important ways of protecting your laptop and personal data from thieves. I hope to see your comments about it.