Mar 26, 2012

The Importance of Using Mobile Encryption


This might come as a surprise to you, or perhaps even alarm you, but on the city of London’s public transport system alone, around 200 laptops are handed into lost-property offices every day.  This figure, which doesn’t even include all the ones that are never recovered, extrapolates out to over 50,000 every year just for the buses, taxis and underground trains in a single British city.
London is the country’s largest centre for business, with head offices for many major multi-nationals, web commerce firms and government agencies (including the security services and the armed forces).
Bitlockericon
It is reasonable to assume that the majority of the lost laptops, and remember that 200 a day figure is onlyfor the ones that are recovered, are business machines that could will certainly be carrying private company emails and possibly even extensive customer or business project data.

Now with a business machine there will be a log-in for a laptop. But is it ever really enough?  The one thing that a password won’t protect against is the physical removal of the hard disk from a laptop, something that’s becoming easier to do as the hardware in many business machines becomes more user-upgradable.  I have a dock for a laptop drive that I need for my work.  It cost me a little over £10 and its USB3 connection means I can copy the entire contents off a drive in short order.
Even putting a system password on the laptop’s BIOS won’t protect against this.  But how likely is it that anybody would ever physically remove a hard disk anyway?  It could be argued that any thief would simply reformat a disk they couldn’t access, wiping the data.
While this might be true for some less-educated and tech-savvy thieves, the value of data is rising every day and commercially such information can be sold, used for corporate blackmail or perhaps even worse.  With this I mean that the fines for breaches of the data protection act in the UK can be harsh, especially with the high-profile breaches we’ve heard about over the last few years.  These breaches again, don’t forget, are only the ones that we’ve heard about.  We can be certain that there are a great many more that occur every single day.
So how can your company, or an individual, protect their data on a laptop when lugging it around in the back seat of the car, on the tube or in a taxi?  The Encrypting File System that’s been a part of Windows for over a decade is one solution, but it’s not ideal as it maintains file encryption when files are copied off the computer.  If something then goes wrong with the host computer you could find yourself unable to access both the original and the now encrypted backups.
Bitlocker in Windows Vista and Windows 7 is the answer, and this is a feature that will expanded and carried forward into new versions of Windows.  It is a full-disc encryption system that is so secure that the US State Department once asked Microsoft to put in a back door (which they sensibly refused to do).
Laptops with Trusted Platform Module (TPM) chips on the motherboards which carry the encryption keys are becoming much cheaper and more commonplace.  This chip will prevent the data form being read even when the hard disk is removed.  Bitlocker is, frankly, the only way to secure your data for laptops running Windows.
So why should you do this?  After all, you can’t afford to replace all your laptops today with TPM-enabled ones.  As a purchasing policy for any company this should be at or near the top of the list.  The data protection registrar in the UK is getting less and less tolerant every day with privacy and data breaches, and the EU is also jumping in with their own legislation and fines.
If those fines don’t put your company is a very difficult financial position then the negative publicity and the loss of customer confidence could shut you down completely.  It is wise to remember that even in this social Internet age, people do not give away their personal data freely.  Everyone is becoming more aware and savvy of the need to protect their privacy, and if that means withdrawing completely from a company, online or otherwise, to do so they probably won’t hesitate.

No comments:

Post a Comment