Ask Leo! by Leo A. Notenboom

How can I keep data on my laptop secure?

Summary: Laptops are portable, convenient and easily lost. When one is lost, all the data on it could easily be available to the finder. Encryption is the answer.

I travel a lot, and have sensitive data on the laptop I take with me that I need as part of my job. But I'm in fear of losing the laptop and that this data will fall into the wrong hands. What do you suggest?

I know how you feel. I, too, have sensitive information on my laptop that I would prefer not to fall into the wrong hands. I can handle losing the laptop, but thinking about the data in the wrong hands ... well, it just gives me the willies.

So, yes, I do have a solution, and it turns out to be fairly easy, secure, and free.

Now, naturally, you can "encrypt" your data using a simple tool like WinZip and assigning the resulting archive a password. The problem is that it's fairly easy to crack the zip file's password, and get at the data. It has its uses, though. Much like a cheap padlock, it's mostly about keeping honest people honest.

I recently started using something called TrueCrypt. TrueCrypt is free, open source, on-the-fly encryption software. It provides serious industrial-strength encryption while still being fairly easy to use.

TrueCrypt can be used in several ways. The two most common are that it can encrypt an entire disk volume - such as a USB thumb drive, floppy disk, or an entire hard disk if you like - or it can create an encrypted virtual disk. It's this latter approach that I like to use.

An encrypted virtual disk is simply a file that TrueCrypt "mounts" as an additional drive letter on your machine. You specify the pass phrase when the virtual drive is mounted and thereafter everything you access from there is automatically DEcrypted and anything you place there is ENcrypted.

For example, you might have TrueCrypt create an encrypted drive as c:\windows\secritstuf. If someone were to look at the contents of that file directly, they would see only random gibberish - the result of encryption. When you use TrueCrypt to mount that file as a virtual drive (for example, selecting the drive letter "P:"), P: would look and operate like any other disk, and would contain the contents of the encrypted drive. Encryption is as simple as moving a file to the drive.

The trick, then, is to never mount the drive automatically. When your machine boots up, "P:", for example, would be nowhere to be found, and the encrypted file c:\windows\secritstuf would be present, but only visible as gibberish. If someone stole your machine that's all they would find.

Only after you've used the TrueCrypt program to select the file (c:\windows\secritstuf), choose the drive to mount it as (P:) and supply the correct pass phrase, would the virtual drive be "mounted" and the encrypted data become accessible.

TrueCrypt supports a number of different high-powered encryption algorithms. The documentation for TrueCrypt is clearly targeted at the seriously paranoid, including instructions on how to maintain "plausible deniability" should a thief ever force you to supply a password. Let's hope that'll only be of passing interest to any of us.

Now, a couple of caveats:

  • Encryption does not make a bad password any more secure. If you choose an obvious password or pass phrase, a dictionary attack can certainly be mounted that could unlock your encrypted volume.
  • An encrypted volume does you no good if the files you care about are also elsewhere on your machine.
  • That being said, make sure you have secure backups, updated regularly. Preferably keep them UNencrypted, but secure in some other way, in case you lose your encrypted volume or forget your password. Without the password, the data is not recoverable.
  • That last statement is technically inaccurate. You should always be aware that things are never 100% secure. All encryption can, theoretically, be hacked. The purpose of encryption is to make the cost of that hacking so astronomical as to be impractical. For example, spending a calendar year on a brute force hacking attempt is kinda pointless to discover next month's sales forecasts. Similarly, hiring the expertise required to attempt such a recovery might also be astronomically costly.
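
The second caveat above can be checked rather than assumed. The following Python script is an added example, not part of the original article or of TrueCrypt: it hashes every file inside the mounted volume (P: in the article's example) and reports byte-identical copies found in other folders. The function names and the script name find_copies.py are hypothetical.

```python
import hashlib
import os
import sys


def sha256_of(path):
    """Hash in 1 MiB chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()


def walk_files(root):
    """Yield every regular, non-symlink file under root."""
    for dirpath, _dirs, names in os.walk(root):
        for path in (os.path.join(dirpath, n) for n in names):
            if os.path.isfile(path) and not os.path.islink(path):
                yield path


def find_plaintext_copies(volume_root, search_roots):
    """Map each file in the mounted volume to identical copies outside it."""
    wanted = {}  # (size, sha256) -> path inside the mounted volume
    for path in walk_files(volume_root):
        size = os.path.getsize(path)
        if size:  # empty files all hash alike, ignore them
            wanted[(size, sha256_of(path))] = path
    sizes = {size for size, _ in wanted}
    # Trailing separator so "P:\" or "/vol" never matches "/vol2"
    inside = os.path.normcase(os.path.join(os.path.abspath(volume_root), ""))
    leaks = {}
    for root in search_roots:
        for path in walk_files(root):
            if os.path.normcase(os.path.abspath(path)).startswith(inside):
                continue  # the volume itself may sit under a search root
            try:
                size = os.path.getsize(path)
                key = (size, sha256_of(path)) if size in sizes else None
            except OSError:
                continue  # locked or vanished file, skip it
            if key in wanted:
                leaks.setdefault(wanted[key], []).append(path)
    return leaks

if __name__ == "__main__" and len(sys.argv) > 2:
    # Usage (paths are the reader's own): python find_copies.py P:\ C:\Users\me
    for kept, copies in find_plaintext_copies(sys.argv[1], sys.argv[2:]).items():
        print(f"{kept} is also stored unencrypted at:", *copies, sep="\n  ")
```

The check only finds exact copies. Edited versions, application temporary files and deleted-but-recoverable remnants on the unencrypted disk are not detected by it.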

Data encryption is an important part of an overall security strategy. Keeping your sensitive data secure requires a little forethought and planning. With viruses and spyware running amok, not to mention the theft scenario that we started this article with, there's no excuse not to take that time, and save yourself some serious grief later if the unthinkable happens.

Article C2343 - April 28, 2005

Recent Comments
38 Comments

Rick,
I have a need for serious data security. Is there a program that would automatically wipe clean my hard drive if, say, I didn't log in every 2 hours? Is there something that will allow me to call from a cellphone and activate the program that would WIPE my hard drive? By wipe I mean NEVER be able to recover the data or for that matter use the laptop again at all.

WIPE? No. But you can get just as secure, I believe, by keeping your data in a TrueCrypt volume with an appropriately strong passphrase, and configuring it to auto-dismount on inactivity.
- Leo
12-Dec-2008

Posted by: Rick at December 11, 2008 9:14 AM

You can also use the BIOS option of providing a password to your hard drive - this keeps honest but nosy people out and is much more difficult to "break" than a Windows password.

Posted by: Dr. PC at January 28, 2009 8:26 AM

I am working in a company which makes website for health, fitness, mini roulette, IT, shopping etc and I was in a great need of buying a laptop. So I finally bought a Dell Latitude D530, laptop last week.
Most of the people advised me that it would not be a good deal to buy a laptop; instead they advised me to buy a desktop. I don't know why people have so much misconception regarding buying a laptop.

Posted by: akshay at February 28, 2009 6:05 AM

I'm 99% ready to set up TrueCrypt. I travel and do not want anyone to steal my data - if they steal my laptop. What setting should I select? BB

Posted by: Bill at March 9, 2009 2:24 PM

File protection is great with passwords for access and editing. But it doesn't stop someone from accidentally deleting the file.

How do I stop an accidental deletion?

Posted by: Larry Schumaker at March 19, 2009 7:05 AM

See the winsesame faq about the deleting of a protected file there:
http://www.aragonsoft.com/en/winsesame/faq20.php

Posted by: georges at April 2, 2009 2:29 PM

This is a great article and discussion. One of the things I have been pleased by is services like Alertsec which offer hard disk encryption as a fully managed service. It uses the Full Disk Encryption (former Pointsec) software but is a web based encryption service that radically simplifies deployment and management of PC encryption. It is a heck of a lot easier for an enterprise than trying to manage all that laptop encryption on your own! We put off encryption for way too long (and got burned once) and this managed approach made it possible for us to afford it from a money and more importantly staff resource perspective.

Posted by: David Lawrence at April 12, 2009 6:01 PM

I run Alertsec and it sure is easy. The good thing is that they have great telephone support which helps you unlock your laptop when you forget or type your password in wrongly (which I have done twice in the last 16 months..) so it is worth that little extra you pay - compared to installing it yourself. It is encryption we are talking about here - so if you b-gger it up you are really and truly lost.

Posted by: Martin at April 14, 2009 1:30 AM

I'm using this discryptor.net software. I think that really makes my data secure.

Posted by: Bererker at April 28, 2009 2:20 AM

Hi, when installing TrueCrypt what is the best option to use: Install or Extract (for travel) ... BTW I run Windows 7 and there is a message saying it is not supported ... any risk in using it despite this!?

I just install. (Extract is useful for some cases, but if you're not sure, just install.) From what I've seen it works fine in Win 7, but I'd expect an update very quickly after 7 releases.
Leo
11-Oct-2009

Posted by: Luis at October 11, 2009 9:12 AM
