HELP - Personal Data at Risk

[draco001]

Hi I am not in IT but I do have to protect the data of my customers which i carry with me all of the time on my laptop. I take precautionary measures such as having the thinkpad x60 with the physical lock, biometric reader and password at the application level. I understand that there is something called EFS that comes with xp. But what concerns me is with these measures in place on my individual laptop (im a one-person show) is this enough security in case my laptop were to get stolen? Is there a way to "lock" the hard drive so that noone - except me can get to the data?

Sorry for the long post but I want to give you all a picture of my situation. The post i read deals with networked/corporate environments and not for one single machine

Regards,

Ray

 

[eyec]

Google for a program called Trucrypt. it will allow you to fully encrypt your harddrive with password.

 

[wahnula]

I do have to protect the data of my customers which i carry with me all of the time on my laptop

draco001, do you have a disaster recovery plan? That is, if the laptop were stolen, burned, or crashed, can you recover your data?

You should do daily backups to an external drive that stays in a different location (like in a fire safe at home) than the laptop. You can use Windows Backup or a file-copy utility like SyncBack SE for backup.

It is also a good idea to spool off data onto DVDs every so often too. Best of luck!

Tony

 

[draco001]

thanks tony - i do have a recovery plan in place. I do backup all data to an offline drive and burn to dvds. What I am concerned with is when i am actually on the road and want to remain secured weather i am IMing with clients, coworkers, etc., emailing and most importantly if my laptop were to get stolen - i want to make sure that the thief would never be able to access the data on the hard drive.

I just found a website that i think might help me PGP.com but i would like for something to be user friendly and easy to set up.

 

[wahnula]

What I am concerned with is when i am actually on the road and want to remain secured

...which also means secured from hackers. Hotel networks are notorious, especially wireless. Keep your wireless NIC disabled when you are not using it, and look into a portable hardware firewall appliance like this:

http://www.gcn.com/print/24_13/35950-1.html

for about $100 it's a lot of security. PGP is excellent BTW.

Tony

 

[Stevehewitt]

EFS doesn't fully encrypt your HD, however it does encypt particular folders as you set. A good example maybe your My Docs, Desktop and some of the application data stores. (Such as a database file for example)

EFS is a piece of cake to setup too, however if you were to ever forget your password you can kiss the files goodbye.

People have mentioned some software that do the whole hard disc, but that may or may not be overkill depending on your requirements vs. cost. Probably not much use but FYI Windows Vista contains full drive (well, partition) encryption too. (But as it's not out retail till nearly Feb and I doubt you'll be jumping on it as soon as it's out it's not much use!!!)

If you do need to keep these files safe and secure then to be honest you do need to do more than password protect the application. Most apps can have a cracker ran against them and application level secure for passwords isn't traditionally great.
Based on what you've said I would recommend EFS. Things like recovery for EFS are a bit beyond the scope of this thread but there's a load of information on the MS site as the Windows XP / Windows 2003 Server forums.

I would go along with the idea that keeping the machine secure internally is also very important. Windows Updates, daily updated AV, daily backups that you randomly test. Also look at this scenario:

One Administrator account. V. Hard password with it kept in the safe / somewhere secure.
Create a seperate user account for you to use on a daily basis. This should NOT be an admin account.

Also things like use IE7 or Firefox (rather than IE6), do a weekly spyware/adware scan, enable Windows Firewall (and make sure you are using SP2!), never send anything sensitive over email without encrypting it first etc.

Loads of best practices but I imagine as you take security pretty seriously they are already implemented / you know about them.

Good Luck,




Steve.

"They have the internet on computers now!" - Homer Simpson

 

[chgwhat]

Ensure you have a hard disk password. A good thing on a laptop.
see ftp://ftp.software.ibm.com/pc/pccbbs/mobiles_pdf/41w2511.pdf

Tony ... aka chgwhat

When in doubt,,, Power out...

 

[chiph]

When using EFS, be aware that the key is tied to the installation of Windows. So if you have a hard drive crash and need to reinstall Windows, your EFS folders will be unrecoverable if you made backups of them in their encrypted form.

Get a portable USB drive (Western Digital has one that uses a notebook drive, holds 80gb, and is powered off the USB cable), and make unencrypted copies of your data. Then store it in a fireproof safe or container. A safety deposit box at your bank would be good, if access to it is convenient.

Chip H.


____________________________________________________________________
If you want to get the best response to a question, please read FAQ222-2244 first