What would you do if your laptop was stolen?  Think about this.  I’m not talking about just replacing the hardware.  What do you have stored on it?  I know, I know, we keep talking about backing up your laptop, and maybe you did, but in this case, I’m not talking about LOSS of data.

If your laptop was stolen, what kind of data would now be in the hands of strangers?  Credit card numbers, personal information, social security numbers?  What about your employees’ personal information?  What about their social security numbers, driver’s license numbers, addresses?  This could add up to quite a bit in legal fees, not to mention fines and possible jail time.

What can you do?  With Windows 7, the solution is simple.  Enable BitLocker and use strong passwords.  And no, 123456, your dog or cat’s name, “password”, and other such nonsense are not good passwords.  I think that eventually the courts are going to take this seriously.  I’d rather not be the “example” case.

What does BitLocker do?

From Microsoft Technet (http://technet.microsoft.com/library/cc766200.aspx#BKMK_WhatIsBitLocker)

Windows BitLocker Drive Encryption is a data protection feature available in Windows Vista Enterprise and Windows Vista Ultimate for client computers and in Windows Server 2008. BitLocker provides enhanced protection against data theft or exposure on computers that are lost or stolen, and more secure data deletion when BitLocker-protected computers are decommissioned.

Data on a lost or stolen computer is vulnerable to unauthorized access, either by running a software attack tool against it or by transferring the computer’s hard disk to a different computer. BitLocker helps mitigate unauthorized data access on lost or stolen computers by combining two major data-protection procedures:

    • Encrypting the entire Windows operating system volume on the hard disk. BitLocker encrypts all user files and system files in the operating system volume, including the swap and hibernation files.
    • Encrypting multiple fixed volumes. Once the operating system volume has been encrypted, BitLocker can encrypt other volumes. This feature requires a computer running Windows Vista Enterprise with Service Pack 1 (SP1), Windows Vista Ultimate with SP1, or Windows Server 2008.
    • Checking the integrity of early boot components and boot configuration data. On computers that have a Trusted Platform Module (TPM) version 1.2, BitLocker uses the enhanced security capabilities of the TPM to help ensure that your data is accessible only if the computer’s boot components appear unaltered and the encrypted disk is located in the original computer.

BitLocker is tightly integrated into Windows Vista and provides enterprises with enhanced data protection that is easy to manage and configure. For example, BitLocker can use an existing Active Directory Domain Services (AD DS) infrastructure to remotely store BitLocker recovery keys. BitLocker also provides a recovery console that enables data retrieval for computers that are not members of the domain or computers that are unable to connect to the domain (for example, computers in the field).

Basically what this means is that it encrypts your hard drive so that no one can read it.  If someone were to take your hard drive out and put it into another computer, all they would see is gobbledygook.

The advantage of doing this is obviously so that your data remains secure.  The disadvantage is that should you lose your password, your data is unreadable.  Because of this, it’s even more important to have an offsite copy of your data.  And by that, I mean a secure offsite copy.
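To confirm that a machine is actually in the state described above (drive encrypted, protection switched on, and a recovery password in place in case the normal unlock method is lost), here is an added example that is not part of the original post or of Microsoft's documentation. It assumes an elevated PowerShell prompt on a Windows edition that includes BitLocker, and it reads the status through the Win32_EncryptableVolume WMI class.

```powershell
# Added example: audit BitLocker state for every volume the BitLocker WMI provider reports.
# Assumption: run from an elevated PowerShell prompt on a BitLocker-capable edition of Windows.
$ns = 'root\CIMV2\Security\MicrosoftVolumeEncryption'

# ConversionStatus codes returned by Win32_EncryptableVolume.GetConversionStatus()
$conversionText = @{
    0 = 'Fully decrypted';        1 = 'Fully encrypted'
    2 = 'Encryption in progress'; 3 = 'Decryption in progress'
    4 = 'Encryption paused';      5 = 'Decryption paused'
}

$report = foreach ($vol in Get-WmiObject -Namespace $ns -Class Win32_EncryptableVolume) {
    $conv = $vol.GetConversionStatus()
    $prot = $vol.GetProtectionStatus()      # ProtectionStatus: 0 = off, 1 = on, 2 = unknown
    if ($conv.ReturnValue -ne 0 -or $prot.ReturnValue -ne 0) {
        Write-Warning "Could not read BitLocker status for $($vol.DriveLetter)"
        continue
    }

    # KeyProtectorType 3 = numerical password, i.e. the 48-digit recovery password
    $recoveryIds = @($vol.GetKeyProtectors(3).VolumeKeyProtectorID | Where-Object { $_ })

    $encrypted  = ([int]$conv.ConversionStatus -eq 1)
    $protected  = ([int]$prot.ProtectionStatus -eq 1)
    $hasRecover = ($recoveryIds.Count -gt 0)

    New-Object PSObject -Property @{
        Drive            = $vol.DriveLetter
        Conversion       = $conversionText[[int]$conv.ConversionStatus]
        PercentEncrypted = $conv.EncryptionPercentage
        ProtectionOn     = $protected
        RecoveryPassword = $hasRecover
        # A volume passes only if it is fully encrypted, protection is on,
        # and a recovery password exists to fall back on.
        Pass             = ($encrypted -and $protected -and $hasRecover)
    }
}

$report | Format-Table Drive, Conversion, PercentEncrypted, ProtectionOn, RecoveryPassword, Pass -AutoSize

# Flag anything that would leave data readable on a stolen disk or unrecoverable after a lost password
$report | Where-Object { -not $_.Pass } | ForEach-Object {
    Write-Warning "$($_.Drive) needs attention: $($_.Conversion), protection on = $($_.ProtectionOn), recovery password = $($_.RecoveryPassword)"
}
```

A volume that shows protection off while fully encrypted usually means BitLocker has been suspended, in which case the key is stored in the clear on the disk and the encryption offers no protection until it is resumed.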

We still don’t know the ramifications of using a service such as Dropbox or Google Drive.  Google, for instance, has been given multiple opportunities to clarify their privacy and terms of use.  The only response has been about as clear as mud.  Only time will tell if their current policy is just for legal protection or if it is for ulterior motives.  Specifically, my interpretation is that they can publicly display any content you store on their systems, but the data is still yours.  Make sense?  It doesn’t to me either.  One could argue that they are protecting themselves by using the term “publicly display” so that if there is a security breach they are not held liable, or they could be referring to simply displaying the data on a web page only to be viewed by those authorized to view it.  Except, they don’t say that.

At any rate, when you are dealing with personal information, it’s important to understand the risks involved in cloud storage.  Actually, it’s important to understand the risks involved, period.  Suppose you store your data on a server locked in your office, and someone breaks in and steals the server.  Unless the hard drive is encrypted with BitLocker or something similar, your data is completely unprotected and insecure.  Anyone can bypass the Windows security on your server and gain access to your data.

If you’d like to discuss this further, give us a call and I’d be glad to help determine what works best for your company.
