Personal Cyber Security Threats

Laptop Stolen From Car

Keep your data secure after your laptop or phone is stolen

“It was early, about 6:30 AM and it happened so quickly”, the executive said to me over his iPhone.  He was a seasoned business traveler, having worked in Lagos, Johannesburg, and other risky places around the world.  “I’m in Italy at the . . . , presidents and royalty stay here”, he yelled over the phone.    The perturbed executive went on to describe how his laptop was stolen in a hotel.

It was the first day of a European business trip and he woke up early.  He went down to the hotel’s continental breakfast and placed his Tumi bag on a chair.  With pastries and croissant in hand, he returned to the chair and discovered the bag containing his laptop and USB flash drives was missing.  Hotel security said, they saw the thief on video camera footage but, the theft turned their face away from the camera, which left little hope of recovery. 

Cyber security awareness has never been stronger, news cycles of malware and hackers stealing information over the Internet has everyone questioning a slightly suspicious email.  The executive described was not the victim of some super advanced state sponsored malware, he was a victim of physical theft. 

Physical IT Security is easily overlooked with the attention given to cyber threats coming out of the Internet, but it is something that should be part of everyone’s cyber protection strategy.   Laptop, tablet, and phone theft are one of the most common digital crimes and there are easy preventative measures you can take to secure your data.

Even the most conscientious and watchful person will make a split second judgement error and leave a laptop unguarded in a public or semipublic area.  If you don’t have your laptop, tablet and phone locked in a bank safe, you should assume that it will be stolen at some point.   It is important that you take steps to prevent your data from being accessed, in the event someone were to obtain physical access to your device.

Using full disk encryption is one of the best things you can do to ensure that a stranger is not able to obtain access to your data once your device is stolen.  This is my number two recommendation I make to clients after recommending installing up-to-date anti-malware software on their computer. 

Full disk encryption requires you to enter a password when you start your device which then allows the device operating system to decrypt the data and you to access it.  The data on an encrypted hard drive is unreadable and useless to a thief without the password to decrypt it.  Assuming your data is backed up, your only loss in a theft situation will be the cost of the device.

Entering a password when you start your computer, tablet or phone does not mean that that data on it is encrypted. Full disk encryption is a setting that must be specifically enabled on the computer, tablet, or phone operating system.  On newer Windows and Mac computers this is an easy setting to change and on older machines, 3rd party encryption software is required.  For tablets and phones that have the Android or Apple iOS operating system, full disk encryption is also a setting that can be enabled.

 

 

How to enable full disk encryption on your device

 

·       Windows BitLocker, available on Windows Pro 8 or Windows 10 http://go.microsoft.com/fwlink/?LinkId=53779

·       Windows RT 8.1 PCs, and in Windows 8.1 PCs
http://windows.microsoft.com/en-us/windows-8/using-device-encryption 

·       Windows 7, Windows Vista and Windows XP, require a 3rd party tool.  We recommend Symantec Drive Encryption (powered by PGP Technology)
https://www.pccybersecurity.com/store/index.php?rt=product/product&product_id=149

·       Apple FileVault, available on Mac OS X Lion or later
https://support.apple.com/en-us/HT204837

·       Linux Ubuntu
https://help.ubuntu.com/community/FullDiskEncryptionHowto

·       Android, Tablets & Phones (the process may very slightly by device manufacturer but this link should provide the general process)
https://support.google.com/nexus/answer/2844831?hl=en

·       iOS, iPhone 3GS and later, all iPad models and iPod touch (3rd generation and later)
https://www.apple.com/business/site/docs/iOS_Security_Guide.pdf

 

 

Data stored on portable USB flash drives and hard drives is also a high data loss risk.  These devices should be encrypted to safeguard your data in the event a USB is lost or stolen.  Encrypting a USB flash drive sounds complicated, but there are simple methods to encrypt and decrypt data on a USB through built in hardware in the USB device or through software on your computer. 

For sensitive data, we recommend using hardware encryption and decryption because it is easy to use and provides the highest level of security.  Hardware encrypted USB devices are more expensive than transnational USB storage which presents a downside to cost conscious organizations.  This cost increase turns into a cost savings when you look at the cost of one data breach due to a lost USB.  There are several manufacturers that produce hardware encrypted USB devices and you should look for those that have a National Institute of Standards (NIST) FIPS 140 certification to know that they provide the highest level of security.

Most hardware encrypted USB storage devices require you to decrypt the device through a software prompt on the computer screen.  This method can present challenges when software compatibility issues with the software arise. To solve this issue, manufactures have invented new USB devices that use a physical keypad to encrypt and decrypt the device.  The manufacturer Apricorn produces several models that provide FIPS level hardware encryption using a keypad built into the device.    These device work with all operating systems (Windows/Mac/Linux) and you are less likely to run into compatibility issues.  A range of Apricorn Aegis Secure Key and Aegis Padlock models can be found on our website.

There are many software programs that can save data on a traditional USB storage device in an encrypted format.  The downside to software encryption is easy of use due to the requirement that the same software program must be installed on the PC that you wish to open the data on.  This can create challenges when sharing files between different computers, if the same software is not installed on both PCs.  Examples of this type of encryption software include Symantec Drive Encryption (powered by PGP Technology) and Bitdefender Total Security.

Using these data encryption methods are worth the minimal extra cost and effort, it will save your organization considerable headaches when a device goes missing.  The executive’s stolen laptop bag contained sensitive customer, employee and company information which caused him great concern.  We were able to reassure him thanks to the full disk encryption on his laptop and the hardware encrypted USB storage devices he was using.  This saved us from embarrassing notifications to customers, employees and regulators about a potential data breach.

The stolen laptop was an annoyance, but everyone on the team was able to breathe a sigh of relief by knowing the thief would not be able to access any data.  The executive’s data was also remotely backed up so we were able to get him a new PC the next day with all of his information restored. 

 


 John Riley is the Director of Cyber Intelligence at Private Client Cyber Security and can be reached at This email address is being protected from spambots. You need JavaScript enabled to view it.




 

About Private Client Cyber Security

Former U.S. defense industry cybersecurity executives founded PCCS after struggling to convince large cybersecurity companies to address the cyber risks of public persons and small sized business. 

PCCS provides enterprise-grade cybersecurity consulting and services to professional practices, executives, athletes, and high net worth families.

We strive to provide a personal, professional and a next-generation technology level of cyber protection to our clients. 

 

Latest Cyber Threat Blogs

Twitter @PCCyberSecurity

Search