Basic levels of password protection on laptops are easily overcome by the experienced thief and this is causing concern within the industry.
There are two things you should do:
- Physical security – Do not let your laptop out of your sight. Never leave it unattended in a public place. Never leave it in the boot of your car overnight at hotels. Always use a steel cable to attach it to a firm structure when in use outside your normal environment.
- Electronic security – Do not have sensitive data on a hard disk in the first place. Use a complex password and if possible second level authentication, such as a token or other device. When the laptop is on but is not being used, use the electronic lock facility to activate the password entry facility. Use a password on any screensaver.
That takes some account of security for the laptop, but with attached devices such as SD cards and USB pen-drives the situation is different:
Anyone stealing the SD Card or Pen-drive can read the data on any computer loaded with similar software. This is clearly a point of vulnerability; the best method to protect this type of device is to encrypt it so that it is useless without the decrypt key.
This protection is not the expensive option it used to be, with open source software freely available. The best of these encrypt and decrypt on the fly and are transparent to the authorized but render the device useless to the thief and in may cases appear to be a blank device.
ISO27001 and Laptop Security