How to: Secure Your Mobile Workforce for Less
September 01, 2009
Mobile security is essential, but it need not be expensive. We offer ten ways to minimize threats to your laptop at little or even no cost.
The security of your corporate data and the integrity of your company network are put at risk whenever you travel with a business laptop. That's because the laptop is no longer protected by the physical security that your office provides, or the security systems designed to protect the software running on it. And any malware that gets on to your laptop has the potential to infect other devices on your network next time your laptop connects to it.
But mobile security need not be expensive. Below are ten ways you can minimize these risks to your laptop at little or even no cost.
1. Encrypt the hard drive
If your laptop is lost or stolen, anyone who gets their hands on it could steal your data, read confidential e-mails, communicate with your contacts, and possibly even connect to your corporate network and cause even more havoc.
The best way to prevent this is to encrypt the laptop's hard disk so that a password has to be entered before the computer will boot. This will also make your data inaccessible even if the hard drive is removed and connected to another computer.
For laptops running Windows Vista Ultimate or Enterprise you can use Microsoft's BitLocker utility, included with the operating system, to encrypt the system drive. For other Windows, Linux and OS X systems the open source TrueCrypt application will do the same job for free.
2. Use a VPN
Connecting to the Internet from a business center, Internet cafe, or airport hotspot presents a serious security risk, as these are environments where it is relatively easy to intercept your data. A VPN encrypts all data before it leaves your laptop, and keeps it encrypted until it reaches a trusted environment, such as your home or office network. If your company doesn't provide a VPN, try the free OpenVPN. Simpler-to-use solutions include paid-for services, such as HotSpotVPN, which uses OpenVPN, or remote access services, including GoToMyPC or LogMeIn, both of which use data encryption to connect your laptop back to a trusted office or home network.
3. Update and patch your software
Most operating systems allow you to download and patch your system automatically, so it's wise to ensure that this option is enabled to prevent it being vulnerable to known exploits. (Most systems recently infected with the Conficker worm had had Windows Update disabled.) You can check for updates to common Windows applications using Secunia's online software inspector.
4. Run a firewall and anti-virus software
There is some debate about how necessary anti-virus software is on Macintosh and Linux laptops, but it is wise to err on the side of caution. At the very least you should ensure a firewall is running. ClamWin is a free anti-virus application for Windows, available from http://www.clamwin.com.
Alternatively, use a portable security device such as the Yoggie Pico USB security appliance, which includes firewall, anti-spam and anti-virus scanners and intrusion detection on a device the size of a USB memory stick.
5. Bolt down your browser
If you use a Windows laptop, switching from Internet Explorer to Firefox means you are less of a target to hackers. You can enhance your security further by installing several add-ons, such as NoScript, which can protect you against cross-site scripting and clickjacking attacks. (Learn more about security add-ons for Firefox at our sister site EnterpriseNetworkingPlanet.)
6. Chain up your laptop
Most laptops have a security cable socket (known as a Kensington slot), which allows you to physically attach your laptop to a desk or table. While this may not be necessary most of the time, using a security cable is a sensible precaution at conferences or other busy environments where you may be distracted and unable to keep watch over your laptop all of the time.
7. Encrypt your e-mails
If you can't use a VPN then you should avoid using standard e-mail applications to connect to POP3 and SMTP servers that don't use encryption. If you do then your user names and passwords could easily be intercepted, making all your e-mail from that moment on insecure. (This is not the case if your e-mail servers accept SSL or TLS connections, however.) If your data is confidential, it still makes sense to encrypt the contents using software, such as the open source GNU Privacy Guard (GPG) and the FireGPG Firefox extension. (More details about GnuPG-based e-mail security at our sister site EnterpriseNetworkingPlanet.)
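As an added illustration (not part of the original article), the following Python sketch classifies mail account settings by whether the login travels encrypted, using the server's own capability listing (POP3 `CAPA`, SMTP `EHLO`). The account names, the `client_uses_starttls` field and the server responses are constructed sample data.

```python
# Added example: classify mail account settings by whether the login is encrypted.
# All account names and server responses below are constructed sample data.

IMPLICIT_TLS_PORTS = {"pop3": 995, "smtp": 465}        # TLS from the first byte
UPGRADE_KEYWORD = {"pop3": "STLS", "smtp": "STARTTLS"}  # in-band upgrade to TLS


def advertised_capabilities(protocol, response):
    """Extract capability keywords from a POP3 CAPA or SMTP EHLO response."""
    caps = set()
    for line in response.splitlines():
        line = line.strip()
        if protocol == "smtp":
            # EHLO lines look like "250-STARTTLS" or "250 AUTH PLAIN LOGIN"
            if not line.startswith("250") or len(line) < 5:
                continue
            line = line[4:]
        elif line.startswith("+OK") or line == "." or not line:
            continue  # POP3 status line, terminator or blank line
        caps.add(line.split()[0].upper())
    return caps


def login_protection(account):
    """Return 'implicit-tls', 'starttls' or 'cleartext' for one account."""
    proto = account["protocol"]
    if account["port"] == IMPLICIT_TLS_PORTS[proto]:
        return "implicit-tls"
    caps = advertised_capabilities(proto, account["server_response"])
    # Both sides must agree: the server offers the upgrade and the client uses it.
    if account["client_uses_starttls"] and UPGRADE_KEYWORD[proto] in caps:
        return "starttls"
    return "cleartext"


ACCOUNTS = [  # constructed settings as they might appear in a mail client
    {"name": "office-pop", "protocol": "pop3", "port": 110, "client_uses_starttls": True,
     "server_response": "+OK Capability list follows\nUSER\nUIDL\nSTLS\n."},
    {"name": "legacy-pop", "protocol": "pop3", "port": 110, "client_uses_starttls": True,
     "server_response": "+OK Capability list follows\nUSER\nUIDL\n."},
    {"name": "office-smtp", "protocol": "smtp", "port": 587, "client_uses_starttls": False,
     "server_response": "250-mail.example.test\n250-STARTTLS\n250 AUTH PLAIN LOGIN"},
    {"name": "secure-pop", "protocol": "pop3", "port": 995, "client_uses_starttls": False,
     "server_response": ""},
]


def audit(accounts):
    return {a["name"]: login_protection(a) for a in accounts}


if __name__ == "__main__":
    for name, verdict in audit(ACCOUNTS).items():
        print(f"{name:12} {verdict}")
```

Any account reported as `cleartext` is one whose user name and password would cross the hotspot unencrypted unless a VPN is in use.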
8. Keep your backup data secure
Keeping backup copies of important data and passwords separate from your laptop is always a sensible precaution in case your laptop is lost or stolen while traveling. To keep them secure, ensure they are stored in encrypted form, ideally on a USB drive.
You can store files on an encrypted partition on a standard USB stick using the free TrueCrypt, as long as you can remember a long and secure password to protect it. For even more security you can secure files and passwords on a special USB stick like the IronKey. The IronKey includes a feature which causes the device to self-destruct if the wrong password is entered ten times in a row, effectively preventing brute-force attacks which involve trying millions of different password possibilities until the correct one is found, and therefore making shorter, more memorable passwords more secure.
9. Practice safe computing
A laptop connected to the Internet outside the corporate network is not usually protected from malware to the same extent that it is when inside the corporate firewall protected by network security appliances. For that reason it is especially important to avoid opening attachments or clicking on links in emails from unknown senders, or visiting untrusted Web sites. Doing any of these things risks infecting the laptop with malware.
Laptop users also often carry their computers around in bags, which are very obviously laptop cases, advertising to thieves that they have a valuable piece of equipment. It makes much more sense to carry your laptop in a plain bag or briefcase which is a much less tempting target to criminals.
10. Password protect
If you are not using your laptop, it's best to shut it down completely. That way anyone who gets their hands on the machine will be unable to get past the security provided by BitLocker or TrueCrypt. However, protecting the machine from coming out of screen saver mode without a password provides some (weak) security against an opportunist who may get access to your laptop for a short period while your attention is diverted.
Article courtesy of EnterpriseNetworkingPlanet.