Author: John Phillips (Ocean Computing Solutions)
Many business owners are becoming “mobile workers”. This normally entails using a laptop for most day to day computing tasks such as email, word processing and financial accounts management, both in the office and on the road. The result is that a lot of potentially confidential information is stored on the laptops hard disk drive. All this data should be backed up, so if the laptop is lost or stolen you can recover your data. The bigger problem is the question “who now has access to that information?”.
Loss of information through this means is referred to as a data leak. It’s difficult to quantify the costs associated with data leaks for a number of reasons; primarily organisations fear the consequences of disclosing an incident where customer data is lost. That being said, a number of high profile data leaks have occurred recently which have received wide media coverage.
In a 2006 incident, an Australian Department of Defence official left a CD containing a report into the death of Private Jake Kovco in a public computer at an airport. The CD was subsequently handed to the media and resulted in the department suffering considerable embarrassment.
Protecting your business against data leaks stemming from laptops and other portable devices including PDAs and USB Flash Drives can be relatively easy. The simplest solution is to avoid storing sensitive materials on portable devices. If you need access to your emails and documents on the road the best option is to access them via a remote access solution such as a secure web application (see Google Apps for a good example http://www.google.com/apps/) or a terminal services environment. If the laptop is lost, you don’t lose control of any information.
Remote access isn’t practical for every scenario. If you require access to your documents away from an internet connection, for example on an aircraft, you need to find a method to secure the data on the laptop. This normally means using an encryption application to render the data unusable to anyone who doesn’t possess the password. There are two methods used to encrypt data on a laptop, encrypting specific files and folders and encrypting the entire hard drive. Encrypting the entire hard drive is a better option which requires a password to be entered before Windows loads.
Setting up encryption isn’t especially difficult, but for complete peace of mind it’s best to consult your IT support professional who will be able to recommend and configure products to provide the level of protection your business needs.
John,
I’m always impressed at your ability to scare the c**p out of us poor business people – none of whom are up to scratch when it comes to computer security.
I’m grateful we have you to keep us on the straight and narrow.
Canberraangel.