12 Apr Identity Theft and Bouncing Laptops
A true story…
A few weeks ago, as I was picking up my children from my wife’s parents home, my father- in-law said, “Wait a sec, I have something for you”. He went away for a moment and came back with a small Gateway netbook computer. He told me that he’d been driving down the street and spotted it (get this) on the STEET! He stopped, picked it up and drove home.
I took that puppy home with me, powered it up and within 30 minutes I was dialing the owner’s home phone number (which was in Ottawa) to find out if someone there was missing a laptop. The person at the other end said that her husband who was in Winnipeg, was in fact missing his laptop – that he’d left it on the roof of his car and drove away only to realize what he’d done when he arrived at his destination sans laptop.
Needless to say, the gentleman was very happy to have his laptop returned to him. But what really prompted me to write this story was not that a Gateway computer withstood a few G’s of gravity when it hit that pavement – it was about how easy it was to get that person’s most private information.
We at Seerx, have always felt that the only role a laptop should play, is as a dumb terminal – as a portal to the office computer thru a secure VPN tunnel, a LogMeIn session or a segregated Remote Desktop session (one that has only allows RDP sessions from certain external IP addresses).
Having said that, we also know that some people insist on carrying vital data on their laptops. So we have been promoting self encrypting hard drives from Seagate on Latitude laptops from Dell. You don’t have to do anything special – other than remember the password you used to encrypt the drive – you need it every time you start the computer. That way, no matter who gets their hands on that drive, they won’t be able to look at your data without that encryption key (password).
For those of you that have already purchased a laptop without a self-encrypting hard drive, we highly recommend TrueCrypt, an after market, open source encryption software. It is entirely free to download and install, though you can donate whatever amount you feel this program justifies. We do highly recommend making an image backup of your entire hard drive before attempting to do this of course. It encrypts the entire hard drive. Decryption is “on-the-fly” meaning that it unencrypts files as you need them. We’ve done some before and after speed tests, and there is very little if any at all performance degredation. Amazing really.
If that sort of software or hardware isn’t to your liking, download, install and use AxCrypt. It’s another free software encryption tool. Encrypt a folder on your desktop, drop your most crucial files in there and sleep better at night knowing that if that laptop were to fall into the wrong hands, it really wouldn’t matter.Unless of course, you had no backups (see GotData? to help you with that!)
So how would I have been able to return that laptop to that person IF the drive had been encrypted? One possible solution is an aftermarket product called StuffBak. It’s basically a little tag, with a toll free number and a serial number that will allow owners and finders the ability to get the “found” article back in the owner’s hands. Neat.