[Reading time: 27 seconds]

At last week’s security workshop, I was asked whether a long and unique password is enough to protect a lost or stolen laptop.

The simple answer is no.

Why?

Unless other security measures are in place, the hard drive in the laptop could be removed and connected to another device.

This is not a difficult thing to do.

Once done, all of the files on the hard drive will be accessible. No password required.

This includes:

  • Everything on your C: drive,
  • Everything in your “My Documents” folder,
  • Everything that you synchronised to the laptop from the cloud, and
  • A copy of your email mailbox (if you used an application like Microsoft Outlook or Apple Mail on the laptop).

So what?

If this scenario is not a concern to you, how about the knock-on effects?

For example:

  • Clients may need to informed if their confidential data was stored on the laptop.
  • Someone may need to inform the relevant data protection regulator if personal data was stored on the laptop.

What should you do?

To stop this happening, disk encryption needs to be enabled on your laptop.

  • On Microsoft Windows, this is called BitLocker or “Device Encryption”.
  • On Apple MacOS, it is called FileVault.

If someone else manages the security of your laptop, you can hope (or you can check) that they have enabled this security measure.

If you are responsible for managing the security of your laptop, then you need to do it.

Now.

 

Need more help?

If you are responsible for the security of your laptop (and your phone, e-mail account, and other cloud accounts), and you need specific advice on the reasonable steps that you can and must take, my “Zero to Hero” security workshop this Thursday or next Tuesday may be exactly what you need.

You can learn more at https://codeinmotion.ie/zero-to-hero