Use laptop encryption to protect mobile data

With many businesses issuing laptops in place of desktop computers and remote working becoming increasingly popular, one area of IT security often gets overlooked: what happens to the files and data stored on a company laptop or a USB key if either or both gets stolen or lost?

Even if a laptop is password protected, with a screwdriver it’s easy to remove the hard disk, hook it up to another computer and copy files. If that data includes sensitive business information, it could harm your company or even leave you in breach of data protection law.

Laptop encryption scrambles data

Encryption can be used to scramble the data stored on your laptop or on external media like USB drives and memory sticks. This makes it virtually impossible for hackers to decode the information without knowing your individual password or encryption key – even if they get their hands on the media on which your data is stored.

Encryption is very secure because it rearranges the data in such a way that it’s virtually impossible to make sense of until it has been decrypted.

Technically, hackers could break into an encrypted file, but it’s so difficult and would take so long that doing so is impractical. In a 2002 test, it took 331,000 people four years to crack a relatively low level of encryption.

Laptop encryption should be standard practice

There’s a very good argument that laptop encryption should be standard practice for any company that issues laptops to its staff:

• It adds an extra level of defence. With laptop encryption and external media encryption, even if a staff member loses the item containing the data, the data itself will be secure.
• It’s a reliable way to protect data. When set up correctly, encryption is nearly impossible to break. It probably won’t stop a thief reusing the hardware, but it will prevent them accessing the files on it.
• It’s unlikely to cause disruption to your staff. There are lots of ways to implement external media and laptop encryption, so you should be able to find one that doesn’t significantly affect your business processes.

Laptop encryption approaches

Although free laptop encryption software is available, you’ll probably want to consult your IT supplier or IT support company before trying to implement laptop encryption yourself.

Using laptop encryption can reduce the performance of your computer, especially if it’s a few years old. This is because your computer has to put a lot more effort into working with encrypted files than unencrypted ones.

There are two main options for laptop encryption:

1. Data-centric encryption:

This approach to laptop encryption encrypts data as it’s stored on the system. This protects files on the main disk and gives you the option to secure data on external media like USB keys.

Data-centric encryption has the minimum impact on performance, because you only encrypt important data, not application or operating system files.

To set up data-centric encryption, you need to define encryption settings so your laptop knows which files to encrypt. How you do this will depend on the software you use, but typically the settings are in a management console.

Once you’ve done that, data will be encrypted automatically, without you having to do anything else.

Additionally, if your company’s IT systems access levels are managed centrally, you can create encryption settings which allow encrypted data to be easily shared between people in your company. This means your employees don’t have to encrypt and decrypt files when sharing them.

2. Full disk encryption:

The most secure option is to encrypt all the data on your laptop drive. You can be completely confident your data is protected, although the performance cost is higher because every single file has to be encrypted or decrypted.

Implementing full-disk encryption can also be tricky if your company’s computers are managed centrally. You can’t generally encrypt external media, and full-disk laptop encryption can also interfere with software updates, meaning you’ll have to change how you roll these out.

Most companies find data-centric encryption is the best of these two laptop encryption options, as it’s usually easier to set up than full-disk encryption, and has less impact on computer performance.

Hardware or software encryption

Many hard disks are now available with encryption built in. These ‘self-encrypting drives’ don’t affect computer performance so much as the encryption is performed by a dedicated computer chip.

However, self-encrypting drives do not help you to encrypt data stored on USB keys. For this you still need to rely on software encryption.

Indeed, performance issues with software encryption are fading. Modern computer processors are designed to handle encryption, so the performance impact is negligible with newer computers.

If you’re considering laptop encryption, it’s well worth speaking to your IT supplier. You can see significant benefits from a centralised encryption system, where you create encryption policies which apply to all laptops in your company.

This ensures you don’t have to maintain encryption software on each individual laptop, and reduces the chance of employees changing encryption settings.

Finally, remember that no matter which form of external media and laptop encryption you choose, hackers will always target the weakest spot. Laptop encryption is only as strong as the authentication required to gain access. If your password is easy to guess, it doesn’t matter how strong your encryption is.

More on this topic:

• Perform an IT security risk assessment
• Protecting data on lost and stolen USB drives
• Does your website need encryption?