Laptop Security and Data Protection
Purpose
This document is intended as a guide for University of Florida IT workers who manage laptops and for faculty, staff, and students who store sensitive or restricted data on laptops. This guide describes methods you can use and product solutions you can deploy to protect users' laptops against physical and data theft. Others are welcome to use this document as a reference, but some comments may be specific to the University of Florida.
What are the Dangers?
Laptops offer great convenience due to their portability. This portability, however, makes them a prime target for thieves. These thieves target portable computers not only for the value of the device itself, but also for the restricted data they might contain. Users who have a documented need to store restricted data on a portable computer need to take extra measures to safeguard that data from unnecessary exposure due to theft or loss. For details on classifying what is and what is not considered "restricted" data, see the UF Data Security Standard.
Laptop Security
General Recommendations
- Ensure that the most up-to-date virus and malware protection products are installed
- Always use a strong password to protect your computer
- Set up a preboot BIOS-level or hard-drive-level password
- Use a password-protected screen saver
- Avoid leaving your laptop unattended and unsecured
- If leaving your laptop in a hotel room, use the room safe or lock it securely to an immovable object
- When connecting via wireless, use the UF VPN to encrypt your session
- Install laptop tracking software to track your computer if lost or stolen
- If your laptop is lost or stolen, contact the UF Police Department for assistance
Physical Protection
Paying attention to the physical protection of your laptop can go a long way to securing both your portable computer and the data you store on it. Consider the following products.
| Company | Product | Type | Website |
| Kensington | MicroSaver Alarmed Lock | Hardware Lock Alarm | kensington.com |
| Targus | DEFCON 1 Ultra | Hardware Lock Alarm | www.targus.com |
| syfer.nl | Laptop Alarm | PC Software Alarm | www.syfer.nl |
| SlappingTurtle | iAlertU | Mac Software Alarm | slappingturtle.com |
Computer Tracking
Most computer tracking products install a software agent on the laptop's hard drive, which runs in the background to monitor the computer's location based on current network settings. Some tracking products simply send e-mail reports to a user-specified e-mail address, while others use the Internet to communicate periodically with a central monitoring service, usually hosted by the product vendor. The most advanced of these tracking systems can also make use of cell phone networks, GPS satellite data, or triangulated Wi-Fi signals to communicate a laptop's location.
Many computer tracking products also include a remote data destruction feature that allows you, in the event of loss or theft, to send a signal back to your laptop to initiate secure deletion of your restricted data.
One thing to keep in mind: computer tracking software can help in the recovery of lost or stolen laptops, but by the time the computer is recovered, any restricted data stored on it may have already been compromised. This solution is good for getting the laptop back but is usually too late to ensure that data has not been exposed.
Individuals can get more information about laptop tracking and purchase software from these and other companies:
| Company | Product | Platform | Website |
| Inspice, Inc | Inspice Trace Standard | win | www.inspice.com |
| CyberAngel Security Solutions | CyberAngel | win | www.thecyberangel.com |
| AbsoluteSoftware | Computrace LoJack | win/mac | www.lojackforlaptops.com |
| Orbicule | Undercover | mac | www.orbicule.com |
Data Protection
Your laptop computer's security is your responsibility, whether it is a personally-owned or university-assigned laptop. Due to its unique vulnerabilities, it is imperative you take special precautions when using restricted data with your laptop. To the fullest extent possible, laptop users should be diligent about safeguarding restricted data from unnecessary exposure due to theft or loss.
Data Protection Recommendations
- Limit risk! If you don't need access to restricted data then don't store it
- If you must store restricted data on your laptop, use encryption
- When transmitting restricted data over the network, use the UF VPN to encrypt the session
- Install remote data destruction software to ensure secure deletion of restricted data in the event your laptop becomes lost or stolen
Remote Data Destruction
In the unfortunate event that your laptop is ever lost or stolen, a remote data destruction product can help secure restricted data by allowing you to remotely and securely delete all data stored on the machine. Most remote data destruction vendors provide customers with access to a website where authorized users can send a signal, over the Internet, to the software agent installed on the missing laptop, which will prompt the agent to initiate a secure deletion procedure and then return the results.
| Company | Product | Platform | Website |
| XTool Mobile Security | XTool Remote Delete | win/mac | www.xtool.com |
| Inspice, Inc | Inspice Trace Enterprise | win | www.inspice.com |
| AbsoluteSoftware | Computrace Plus | win/mac | www.absolute.com |
Encryption
Encryption offers the best level of data protection. Even if someone gains physical access to your laptop, they won't be able to decrypt the files to see or gain access to the restricted data stored there. Encryption offers protection by scrambling data using a key; only the owner of the key can decrypt and read the data.
Most products in this category offer encryption in one of three forms: at the file and folder level; as encrypted "partitions", which basically mount as virtual drives; or as whole disk encryption, where your entire hard drive is encrypted automatically and access requires preboot authentication.
IT workers who need to deploy an encryption solution across multiple portable devices in their unit should give special consideration to the centralized key management features offered by the product vendor.
| Company | Product | Platform | Website |
| PGP | PGP Whole Disk Encryption | win/mac | www.pgp.com |
| Microsoft | BitLocker | WinVista | www.microsoft.com |
