Mitigate the risks of a stolen laptop

Think about it for a second. What would you loose if someone stole your laptop (or desktop) computer? What kind of damage could be done to you with the information retrieved from your laptop? The theft of a computer brings with it all the problems associated with a failed hard drive plus the added risks of the data on the drive being out of your control and potentially used by an unauthorized person for things that are likely to impact you negatively. Risk Overview:
  • Loss of computer hardware (laptop)
  • Loss of control of stored data
    • credit card numbers
    • passwords
    • e-mail messages
    • documents
    • financial data
    • contacts/address book
    • calendar/schedule
    • music
    • photos
Obviously, if your computer has been stolen you no longer have a computer. This is problematic all by itself. However, and probably more importantly, you no longer control the computer or the data stored in it. Many users don't realize just how simple it is to access the data on a hard drive simply by removing the drive from the computer and installing it in another computer or booting the computer from a CD-ROM with a different operating system. If you think your OS password will save your data, think again. A password protected account adds only minutes to the attack. Once the thief has gained access to the your data he can use it for whatever his purposes are: espionage, identity theft, etc. This is all pretty frightening, so what can be done? Countermeasures/Risk Mitigation Overview:
  • Theft prevention
  • Insurance (renters, home owners, rider, identity theft, etc)
  • Backups
  • Encryption
Wouldn't it be better if the laptop never got stolen in the first place? Simply taking preventative steps and training yourself to secure your laptop as part of your normal routine seems like the simplest place to start. How about locking your laptop in a safe or chaining it to an immovable object? Simply locking your laptop in the trunk could prevent window shopping thieves. Insurance can be purchased to address the loss of the computer hardware. In fact, you may already have it through your renters or home owners policy. In addition, many insurance companies are offering identity theft insurance to help defray the costs associated with recovering from identity theft. Keep good backups (incremental and full) of your important data. Better yet, store only the data you need on your laptop and write the rest to portable encrypted storage devices (CD, DVD, etc) which are physically secured. Use encryption. All modern user-oriented operating systems (Windows, Mac OS X, and Linux) offer some kind of directory level encryption in addition to file sytem encryption. Understand that there is a trade-off between security and performance so choose your strategy wisely. As an added measure make sure you encrypt your password databases with a strong algorithm and passphrase(s). Theft is hard to predict but there are steps that can be taken to mitigate the risk of computer theft. Many of them are simple to add to your routine. References:
Schneier on Security: Risks of Losing Portable Devices