Share This Post

Articles

The importance of laptop security for the CIOs

laptop security

Light, thin, fast, trendy – the laptop is part of our day-to-day work environment. Due to their qualities and ease of use, laptops have already penetrated many business processes and continue to confidently take out stationary workstations.

Before the pandemic, laptops made 55% of the total number of all computers in organizations of various sizes. Due to the transition of organizations to a remote mode of operation, large quantities of laptops have been purchased, so we can be sure about a significant increase in the share of laptops in the near future.

Why are laptops so popular?

  • Mobility

Modern business requires instant inclusion into the information flow and current work tasks, disregarding the employees’ location. A laptop, in this sense, is irreplaceable, which cannot be said about a smartphone or even a tablet.

  • Autonomy

Modern laptops can work for about eight hours, providing the employee with autonomy for the whole working day.

  • Performance

A modern laptop can easily fulfill all tasks of a general nature. And if we are talking about desktop computers, office workers are often provided with a large surplus of tech resources for performing their routine tasks.

All these reasons and, perhaps, many others, make the laptop a popular device that every modern manager should have. Let us ask ourselves a question: “What is the ideal laptop?” This question should be asked not in terms of technical characteristics and comparison of specific models, but in terms of the usefulness and effectiveness of the device for running and managing business processes.

To fully answer this question, it is necessary to create a complete picture and analyze not only the positive but also all possible negative impacts of the laptop on work processes and business as a whole.

Serious security issues

The pervasive versatility of a laptop is not only an advantage but also a potential security threat. Employees view and process confidential information, service data, organization secrets in an untrusted environment. It is these scenarios of working on a laptop that form a ground for data leaks and information compromise. To understand the essence and causes of the arising problem, it is worth considering in more detail the disadvantages of using laptops from the point of view of information security.

  1. Due to its compactness, the laptop is easy to lose. It can also be stolen during transportation or used outside the controlled area of ​​the organization. Without proper encryption, all information stored on the laptop will be at the disposal of the attacker with all the ensuing consequences.
  2. A laptop is a closed hardware structure, replacement of parts or self-repair is almost always prohibited by warranty, therefore, if the laptop breaks down, the IT service simply sends the device to the certified and approved service center. The transfer of a frozen or inoperative laptop to third parties is accompanied by a high probability of information leakage, as the service center employees can be potential intruders. At the same time, malicious access and copying of information from such a laptop cannot be recorded and, therefore, cannot be proved.
  3. The abundance of communication ports is an important property of a modern laptop. It should represent a separate area of ​​increased attention for information security departments as the more ports for communication exist, the more channels and potential information leakage scenarios are possible. Everything must be controlled or deactivated to prevent information security incidents.
  4. Work processes require an intensive exchange of information. This is a real challenge for the information security service, since monitoring the use of USB ports on a laptop operating outside the controlled area is not an easy task. At the same time, the use of a USB stick for information exchange is an extremely popular scenario.
  5. Due to the fact that a laptop is a technically complex device, laptop users need constant technical support and, therefore, IT administrators should have access to their devices. In some cases, the security department is faced with the task of prohibiting access to classified information on a laptop for IT servicemen. It is almost impossible to do this without professional tools. Refusal to solve such problems would mean a potential risk of information leakage.

Thus, your laptop is a highly controversial tool for solving business problems. It has an impressive set of benefits and at the same time, requires increased attention from the organization’s security team and CIOs in particular.

It is quite obvious that a modern laptop model, equipped with a set of professional security tools intended to prevent all possible scenarios of compromising an organization’s secrets, can serve as an ideal means of solving business problems.

How to keep your laptop safe?

  • Laptop immobilizers

Most often, laptops are stolen to be later sold. In this case, the data contained on the hard drive will hardly be of any interest to the thief. However, if the information is the main purpose of the theft, it is a serious problem. Experienced specialists may extract a lot of information from seemingly harmless documents, temporary files, and postal addresses.

The easiest way to prevent physical loss of your laptop is to tie it to something heavy like a table. For this, a special device has been developed – the Kensington lock. It is a flexible metal cable with a loop at one end and a latch on the other. The latch is inserted into a hole in the computer body and is securely fastened. If there is no special key or the secret code is unknown, the high-strength metal cable ensures that the attacker will fail without strong cutting tools.

If it is impossible to bind a laptop physically, a motion sensor, for example, such as the DEFCON MDP, made in PC Card format, will come to the rescue. Such devices not only produce a very loud sound beeping at 110 dB when you try to move the computer, but they immediately initiate data encryption or, depending on the settings, data deletion.

Some devices are designed to protect the laptop on the move. The principle of their operation is simple – when the laptop bag is removed from the radio transmitter located in the owner’s pocket further than a certain distance, this device makes a sound.

However, in order to get the information stored on a laptop, it is not necessary to steal it. You just need to have access to it.

  • Data protection

To prevent a stranger from reading, copying, or changing the information stored in a laptop, a lot of solutions have been developed that restrict data access. The first and easiest way is to lock the BIOS and do not allow the system to boot without entering a password. This tool is effective if the user never leaves his laptop turned on, and the attacker does not have time to open the case and reset the BIOS chip or remove the hard drive.

The next line of defense is the Windows password. It is intended mostly to prevent users from getting into someone else’s account accidentally. Windows password makes it difficult to access information only when you activate the data encryption system – EFS (Encrypting File System). It is included in most Windows versions. To encrypt any folder, right-click on it, select the Properties > General > Advanced, and check the Encrypt content to secure data option and click OK. After this, any user who somehow bypasses the Windows password (booting, for example, from an external disk), will see a meaningless set of characters. Encryption is the only way to protect data from being read, even if an attacker gains physical access to the hard drive.

EFS should not be trusted if you deal with super-secret data as the widespread adoption of Windows has spawned many experts capable of breaking its security mechanisms. Searching the Internet, you can find a lot of applications that provide more reliable encryption and comprehensive information protection.

The PGP cryptosystem (Pretty Good Privacy) has become world-famous. After downloading the free distribution kit, you can encrypt individual files, sign them with an electronic signature and send them by email. To confuse an attacker, this program allows you to mask protected sections and even hide them in existing files.

  • Talking about passwords

Access to protected data is provided using special keys. The simplest key is a password, which usually consists of letters, numbers, and various symbols. It is quite easy to use – just enter symbols using the keyboard. However, the password can be spied on, picked up, and finally just forgotten. It is safer to use key files written, for example, on a flash drive.

To form a password, not only a set of characters can be used, but also a certain algorithm – a small secret program. This algorithm, written on the smart card, is a powerful means of restricting data access. A special slot is required to read smart cards. It is added, for example, to corporate models of Acer notebooks. Depending on the selected security policy, Acer smart cards bundled with proprietary software can serve as passwords for logging in, access control or hard disk encryption.

Practically any laptop can be protected using USB-analogs of smart cards. The USB stick can store not only the password but also security certificates and digital signatures.

Smart cards and USB keys are difficult to counterfeit, but they can be stolen. To prevent attackers, access your data using a stolen card, a PIN code request can be enabled. To enter it, some laptop models are equipped with a special security panel.

A simple (for the user) and at the same time, a reliable method of protection is a fingerprint scanner. Some laptop manufacturers (IBM, ASUS, Samsung) build them into their models. The fingerprint works like a regular password when booting the system or when encrypting data.

  • Invisible threat

With the development of modern network technologies to access information, it is not necessary to steal a laptop or approach it. Hackers use phishing, viruses, trojans, and malevolent redirects to steal data staying unnoticed by the user. Maximum protection against malware can be achieved by combining timely updated antivirus programs with firewalls. Antiviruses search for and destroy malicious programs on the disk, and firewalls prevent unauthorized data transfers. Users should also regularly update operating systems and all software installed on the laptop. One more important tip is to stay away from suspicious messages, weblinks, and file attachments. Working in wireless networks poses a separate threat to classified information. Here carefully configured VPNs can help.

Assess any gaps in your IT environment with free CyberFit Score and remediate today.

Conclusion

Modern means of protecting a laptop and its data, for all their simplicity and accessibility, can provide an extremely high level of security. The main thing is to apply solutions that correspond to the degree of information security, never rely on only one tool or solution but build several layers of protection.

About Author:
David Balaban is a computer security researcher with over 17 years of experience in malware analysis and antivirus software evaluation. David runs Privacy-PC.com and MacSecurity.net projects that present expert opinions on contemporary information security matters, including social engineering, malware, penetration testing, threat intelligence, online privacy, and white hat hacking. David has a strong malware troubleshooting background, with the recent focus on ransomware countermeasures.

Read Next: 4 ways to reduce the risk of identity theft

Share This Post

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>