How can I protect my data if my laptop is stolen?
How much security do you need, and how much are you willing to pay for it? The answers will depend on what kind of information you want to protect, where the information is stored and who you are protecting it from.
People in the medical and financial industries have to take extreme care of laptops that contain other people’s personal data, because they can be fined for losing it. But if your laptop is for personal use only, what’s the actual risk, and how can you minimise it?
Passwords and encryption
If someone has physical possession of your laptop, passwords are not much help. They can use a guest account (unless you disabled it), boot your PC with a different operating system (such as Linux), or remove the hard drive and install it in another PC. Encryption is the only viable defence.
For many years, most geeks used TrueCrypt for this purpose. More recently, many switched to VeraCrypt, which is based on TrueCrypt 7.1a. DiskCryptor is a viable alternative.
The Intercept has a useful article, Encrypting Your Laptop Like You Mean It, which covers Windows, macOS/OS X and Linux. It points out that full disk encryption (FDE) doesn’t protect you against malicious websites and viruses, nor does it stop internet surveillance. Even a fully encrypted laptop can be hacked using, for example, the “evil maid” attack.
Of course, if you go for FDE, you must remember your password, or you lose access to your PC. It may therefore be safer to encrypt important files and folders, which you will obviously have backed up somewhere else.
You can do this with Windows 7 Pro’s built-in encrypting file system. Right-click the file or folder, select properties, and click the advanced button to bring up the sheet called “advanced attributes”. The bottom half offers two options: “Compress contents to save disk space” and “Encrypt contents to secure data”. This doesn’t ask for a password: it uses a file encryption certificate, which you have to back up to a USB key or similar.
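The same EFS steps can be scripted, which also makes it easy to check that nothing was left unencrypted. This is an added example, not part of the original article; the folder and backup paths are placeholders, and it uses only the built-in cipher.exe tool and standard .NET file attributes.

```powershell
# Added example: both paths below are hypothetical placeholders.
$Folder     = "$env:USERPROFILE\Documents\Private"   # folder to protect
$CertBackup = 'E:\efs-backup'                        # USB key path; cipher adds .PFX

# EFS only works on NTFS volumes, so check the file system first.
$drive  = (Get-Item -LiteralPath $Folder).PSDrive.Name
$format = (New-Object System.IO.DriveInfo $drive).DriveFormat
if ($format -ne 'NTFS') {
    throw "EFS requires NTFS, but drive ${drive}: is formatted as $format."
}

# /E encrypts and marks the folder so files added later are encrypted too;
# /S: applies the operation to the folder and everything below it.
cipher.exe /E "/S:$Folder" | Out-Null

# Verify the result instead of trusting the tool's output: list every item
# that still lacks the Encrypted attribute (for example, a file that was
# open in another program while cipher ran).
$plain = Get-ChildItem -LiteralPath $Folder -Recurse -Force |
    Where-Object { -not ($_.Attributes -band [System.IO.FileAttributes]::Encrypted) }

if ($plain) {
    Write-Warning "These items are NOT encrypted:"
    $plain | ForEach-Object { Write-Warning $_.FullName }
} else {
    Write-Output "All items under $Folder carry the Encrypted attribute."
}

# Back up the EFS certificate and private key. cipher prompts for a password
# to protect the .PFX file; without this backup, the files cannot be
# recovered if the Windows profile is lost.
cipher.exe /X $CertBackup
```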
You can also do the job with VeraCrypt, or – my preference – with a file compression/archiving program such as 7-Zip, PeaZip, WinRAR and so on. For maximum security, you should use a recent archiver that supports 256-bit AES encryption. Manchester University has a handy guide to using 7-Zip (PDF).
Biometrics and authentication
Governments and large corporations often use biometrics and two-factor authentication (2FA) to increase security. Some laptops have had built-in fingerprint readers since the turn of the century, and AuthenTec shipped 100m fingerprint sensors before Apple bought the company. Various laptops have also shipped with face- or iris-recognition programs that use built-in webcams.
Ideally, the biometric should be linked to the encryption system. For example, Dell’s Digital Persona Fingerprint Suite provides one-touch log-ons and also adds the option to encrypt and decrypt files.
Two-factor authentication is becoming increasingly popular. It is usually based on something you have, plus something you know. The most familiar example is a bank card and a PIN. For many years, some business laptops have used slot-in smartcards for extra security, or small gadgets that generate the required PIN.
Today, 2FA is often based on using a smartphone. For example, to confirm a Microsoft, Google or Twitter account, the company sends you a passcode in an SMS message.
The obvious next step would be to use a smartphone to secure your laptop. One example is the Rohos Logon Key, which works on Windows PCs and Macs.
Rohos also offers a system that lets you log on to your laptop using a USB thumb drive as a security token. Alternative systems include KeyLock and USB Raptor. However, I’ve never used any of these. Worse, I’ve never seen anyone else use them either.
Email and web security
If there’s any compromising data on your laptop, you can remove, encrypt or otherwise hide it. The problem is that someone who can access your laptop may also have access to your email and all the websites you use, including Facebook, Twitter and Amazon.
The problem is usually that passwords are stored, for convenience, in the browser. The solution is to remove them and either remember passwords separately, or use a master password or password manager. For instructions, search for “manage passwords” and the name of your browser.
Email is also risky. Your mailbox probably contains lots of information that would be useful for identity theft. It may include emails containing plain-text passwords, and someone with access to your email address can get other account passwords reset. Further, your email password may provide direct access to many other services including cloud drives (OneDrive, Gdrive etc), camera rolls, blog sites and other personal stuff.
You may be able to avert the worst even if your laptop is stolen. For example, Prey is a free program that lets you track the location of a stolen Windows or Linux PC, a Mac or Android device.
Windows 10 includes “find my device” tracking as standard, but it doesn’t have “remote wipe”. Also, it won’t stop the thief from doing a factory reset then selling your laptop, though that may be the least bad outcome from your point of view.