|
FYI
Where And When A poll of 231 IT pros from companies larger than 300 employees showed that, within a work environment, notebooks are most likely to be stolen from a cubicle. Outside work, cars barely edged out airports as the most likely places for theft. (Source: Kensington Data Security Survey)
|
Buh-Bye
Once a laptop is stolen, there's little you can do to recover it. National registries for stolen laptops aren't universally checked, especially by people buying from online auction sites or at flea markets. The exception to this is if you install theft-recovery software, such as those we evaluate in this article. However, there are limits to how effective these programs are.
And though your hardware might be history, your data could be safe--if it had been encrypted. You can encrypt individual files and folders or you can encrypt the entire disk. Microsoft Windows 2000 and XP users who want to encrypt individual files can use the built-in EFS (Encrypted File System) utility. Simply right-click a file in Windows Explorer and select encrypt. Of course, just because a file is encrypted does not mean it doesn't reside elsewhere on the disk. EFS works on individual files and directories only, not on the entire disk. It does not encrypt temp files and printer spools, nor the swap file. One Microsoft recommendation is to encrypt the temp directory also, but you still can't encrypt the swap file. Guidance Software makes a product called EnCase that is targeted to law enforcement for hard-drive forensic study. Using EnCase, we found in the Windows swap file pieces of a large text file we had encrypted using EFS.
Furthermore, deleting a file does not actually erase it; it just removes the markers defining where the file is stored. Only by overwriting a file is it really deleted. You could overwrite many previously deleted files by defragging your hard disk, and there are programs, like WipeInfo in Norton Utilities or Jetico's BCWipe, that will delete a file and then immediately overwrite every sector it occupied.
The downside of using a file- or folder-based encryption program is that it puts the decision to encrypt in the hands of users, who may forget to encrypt a document after working on it or even leave temp files all over the place. The only way to truly protect data is to use a full-disk-encryption program. The other advantage of full disk encryption is that even deleted files are encrypted, so you don't need to worry about overwriting. Not many of these systems are available, but we examined a few.