Laptop security tips: The physical perspective

Michael Cobb reviews tools and tactics that can help you limit the damage of a laptop loss.

Many laptops and mobile devices are lost each year, so their physical security should be high on any priority list, particularly as the right protection can save time, money, data and embarrassment.

In this tip, we’ll explore laptop security best practices and the available tools and technologies that can help you lock down your laptop.   A lot of the improvements I am going to cover are straightforward to implement and won't break your budget. Take the Phoenix Freeze, for example. The protection mechanism costs just $14.95 and locks and unlocks your laptop using your Bluetooth-enabled phone. Let's look, however, at a wider range of physical laptop security options.



Identification tags
Asset tags, or identification marks, are an obvious laptop protection choice as long as they are not easily removable. A cheap alternative is to mark or engrave the outer case of the laptop with a contact number. This can greatly increase the chances of getting the computer returned if it gets lost, and the ID is often enough to deter the opportunist thief who is only interested in the resale value.

The STOP security plate is a bar-coded metal tag with a registration number, indelible identification and 24x7 hotline number. The make, model, serial number and laptop owner are also stored in an online asset tracking database.

Locks, cables and safes
Another effective method of deterring the casual thief is to use a security cable, connecting the laptop from the Universal Security Slot to a strong immovable and unbreakable object. Remember, though, that this won't stop someone from walking off with any attached peripherals such as USB thumb drives. Keep those items with you at all times!

For overnight protection, consider a portable safe such as the PortaSafe, which also sounds a powerful alarm if an attempt is made to cut the cable or tamper with the safe door. An added advantage of using a safe is that all the laptop's peripherals are secured as well.

Privacy screens
You, of course, need to prevent shoulder surfers from seeing the documents that you're working on. Here, privacy screens, such as those produced by 3M Corp., narrow the viewing area so screen data is visible only to those directly in front of the monitor.

Motion sensors
When working away from the office and it's not practical to take your laptop wherever you go, motion sensors can provide additional security. The Targus DefCon Motion Data Protection PC Card, for example, sounds an alarm, encrypts the computer's files, and shuts down the laptop if it is moved too far. The mechanism even requires a series of motions, instead of a password, to unlock the machine again.

The Kensington Sonic Lock from the Kensington Computer Products Group is another option. The product has a combination lock with a built-in motion sensor that sounds at 100 dB if the unit is moved.



Travel tips
If you're travelling with a colleague, use a buddy system to watch each others' backs while making calls, ordering food or drinks, or going to the lavatory. If you are on your own, consider a backpack which makes it easier to keep your laptop on you in such situations.

Also try to avoid using flashy carry cases as they can attract unnecessary attention, particularly if they feature corporate logos.

Always travel with a car that has a locking boot and never leave your laptop in a vehicle where it can be seen through the window. Even when it's in the boot, use your cable lock to secure it.

Of course, a laptop should only have the minimal amount of data stored on it that's required for the current task. If a laptop is being taken on a sales pitch to a client, it doesn't need the entire client database and budget figures on it, just the presentation.

If you do need to have access to sensitive documents, consider using offline storage as a way of transporting the data, instead of bringing it on the laptop. The data can then be securely accessed when you've arrived at your destination.

Laptop security policies
For whatever laptop security policies that you put in place, users should sign off on them whenever a portable computer is taken out of the office, thus ensuring they remain aware of their responsibilities in the protection and, potentially, replacement of the device.

You should also make them aware of the potential value of any data stored on their laptop; combined with a healthy dose of paranoia, this will make them treat it with the care it deserves.


Unfortunately, even with all these measures in place, your organisation may still have a laptop go missing. It's essential therefore that your security policy includes an incident plan.

Incident response plan
You will need to ascertain how vulnerable the laptop is: What was on it? Does it have remote access software? You should have a contact list of those people or organisations that need to be notified -- police, clients or other third parties such as tracking services.

Dell offers a range of laptop and data protection services, including Laptop Tracking and Recovery for lost or stolen laptops and Remote Data Delete, so that administrators can remotely delete sensitive data if a laptop is lost or stolen. Similar services are offered by AbsoluteSoftware Corp. and Trace Technologies LLC's zSecurity Suite.


Laptop authentication
To make life harder for anyone who does take a laptop, make sure to implement strong BIOS passwords and hard drive passwords. The latter prevents a laptop from being usable if a hard drive is removed and reinstalled into a similar machine. Of course, users who do carry sensitive data should have encryptable drives or files. Many laptops now have fingerprint readers built-in, allowing a fingerprint to be used instead of a password to log in to the machine. DigitalPersona Inc. provides swipe fingerprint readers so your fingerprint can replace all your passwords.

Finally, remember that if mobile workers access the Internet via public Wi-Fi, then an attacker doesn't necessarily need physical access to steal data from it. Infrared and Bluetooth ports should certainly be disabled on laptops if not needed, and your security policy must include strict rules on accessing the Internet outside the safety of the office. If there are no open communication channels, then you only have to worry about the laptop's physical security.

About the author:
Michael Cobb, CISSP-ISSAP is the founder and managing director of Cobweb Applications Ltd., a consultancy that offers IT training and support in data security and analysis. He co-authored the book IIS Security and has written numerous technical articles for leading IT publications.

Read more on Data breach incident management and recovery