[Reading time: 3 minutes]
I recently recommended that we regularly review the security of the back doors in our IT systems.
I also promised to discuss some of the not-so-obvious back doors.
Back door #1: The hard drive on your laptop.
Your password will stop someone from logging into your device and getting at your data.
But that may not stop them from getting at the data through a back door.
One back door could be the hard drive of your laptop. (The ‘hard drive’ is where all of your local files are stored. People may also call it the ‘hard disk’, ‘HDD’ or ‘SSD’. Let’s not get caught up in the technical terminology.).
If someone wants to get at the data on your laptop but does not know your password, they may still be able to do so by:
- Removing the hard drive from your device, and
- Plugging it into their device.
There are a few steps involved, but it’s not rocket science.
How can you prevent this?
There is a simple solution to this problem: It is called disk encryption.
When a hard drive is protected with disk encryption, the data on the hard drive cannot be accessed without your login password or the disk encryption password (sometimes called a ‘recovery key’).
For many years now, disk encryption has been enabled by default on Apple iOS devices and on Android devices.
But it is not enabled by default in Microsoft Windows 10. And apparently, it’s a similar story with Apple Macs.
How can you check?
In the Home Edition of Microsoft Windows 10, disk encryption is called ‘Device Encryption‘. In other editions, it is called ‘BitLocker‘.
To check if disk encryption is enabled on your Windows device:
- Open Settings.
- Go to Update & Security.
- On the left, scroll down to the bottom and click Device Encryption**.
On Apple Macs, disk encryption is called ‘FileVault‘. To check if it is enabled on your Mac:
- Open System Settings
- Go to Privacy & Security
- On the right, scroll down to the Security section – FileVault is listed here.
If it says it is turned off?
If you are responsible for the security of this device:
- I recommend you turn this on.
- Make sure you write down the recovery key, because you will need this to recover your data if you are unable in the future to log in to the device with your password.
If someone else is responsible for managing the security of this device, I recommend you do the following:
- Ask them why this is not turned on.
- Unless they have a logical explanation, tell them to turn it on as soon as possible.
- When they say this has been done, ask them for evidence to prove it.
- Regularly check that it remains active on all devices, especially when a new device has been introduced to the organisation.
- And then think about whether this revelation tells you that the people you thought were managing your IT security are really up to the job. If they haven’t turned on this basic security setting, what else have they not done?
** If there is no ‘Device Encryption’ option shown:
If it is not listed as an option, this may indicate that your device does not meet the minimum specification required for disk encryption. There are alternative solutions – Get in touch and we can talk about them. But when handling important data, you really should be using a device that is capable of running disk encryption.