Securing Laptops
In Brief
Laptops are a special case: not only can they be transported outside the company, they can also connect to other networks, some of which may have little protection, such as hotel networks.
Given that they can be transported outside the security perimeter of the company, they are subject to the risk of loss, theft or accidental destruction.
Generally speaking, laptops should be considered as computers outside the company.
The recommendations given below are provided solely for portable computers. It is strongly advised that the general recommendations for fixed workstations are also followed.
Recommendations
- It is strongly recommended to encrypt the hard disk of a portable computer which holds sensitive information to prevent any leak of information in the event of theft or loss. In this context, it is recommended to use a strong authentication method (very long password, USB device holding an encryption key, etc.) for disk decryption.
- It is strongly recommended to keep on the portable computer only the data that is absolutely necessary for the assignment at hand. This data must be encrypted to prevent any loss of confidentiality in the event of theft (e.g. with TrueCrypt encryption).
- It is strongly recommended to fit an anti-theft cable to the computer. This cable should be used whenever the portable computer is used outside the organisation.
- It is strongly recommended to customise the look of your portable computer so that it can be quickly identified if it is taken by deception. Draft and enforce a sectoral policy on physical and environmental security within your organisation – Off-site equipment security.
- It is strongly recommended NOT to use unencrypted Wi-Fi networks. Any traffic can be recorded and analysed over such networks. Draft and enforce a sectoral policy on access control within your organisation – Use of external networks.
- It is strongly advised NOT to connect portable computers directly to the internal company network. Set up a dedicated sub-network that will filter out potential attacks from infected laptops.
- It is strongly recommended not to use Wi-Fi networks or fixed networks that cannot be trusted, even when they are encrypted. In such cases, it is preferable to use a mobile telecommunication connection, such as a mobile hotspot (tethering). Draft and enforce a sectoral policy on access control within your organisation – Use of external networks.
- It is strongly recommended to use a confidentiality filter if the portable computer is used for work in public locations such as bus and train stations, airports and planes. This is a plastic film placed in front of the screen preventing the screen from being read from a wide angle.
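One way to check the recommendation on unencrypted Wi-Fi networks is to audit the Wi-Fi profiles a laptop has saved, since a stored open network may be rejoined without the user noticing. The following is an added example, not part of the original guidance; it assumes a Linux laptop managed by NetworkManager and parses its keyfile profile format, and the sample profiles are constructed.

```python
import configparser

# Constructed sample profiles in NetworkManager keyfile format (not real networks).
SAMPLE_PROFILES = {
    "HotelGuest.nmconnection":
        "[connection]\nid=HotelGuest\ntype=wifi\n\n[wifi]\nssid=HotelGuest\n",
    "OldCafe.nmconnection":
        "[connection]\nid=OldCafe\ntype=wifi\nautoconnect=false\n\n"
        "[wifi]\nssid=OldCafe\n\n[wifi-security]\nkey-mgmt=none\n",
    "Office.nmconnection":
        "[connection]\nid=Office\ntype=wifi\n\n[wifi]\nssid=Office\n\n"
        "[wifi-security]\nkey-mgmt=wpa-psk\n",
    "Dock.nmconnection":
        "[connection]\nid=Dock\ntype=ethernet\n",
}

WIFI_TYPES = {"wifi", "802-11-wireless"}
SECURITY_SECTIONS = ("wifi-security", "802-11-wireless-security")

def audit_profile(text):
    """Return (profile_id, issue, autoconnect) for a risky Wi-Fi profile, else None."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",), strict=False)
    cp.read_string(text)
    if cp.get("connection", "type", fallback="") not in WIFI_TYPES:
        return None  # wired, VPN, etc. are out of scope for this check
    name = cp.get("connection", "id", fallback="?")
    # NetworkManager treats autoconnect as true when the key is absent.
    auto = cp.getboolean("connection", "autoconnect", fallback=True)
    section = next((s for s in SECURITY_SECTIONS if cp.has_section(s)), None)
    if section is None:
        return (name, "open network: no link-layer encryption", auto)
    if cp.get(section, "key-mgmt", fallback="") == "none":
        return (name, "key-mgmt=none: static WEP, treat as unencrypted", auto)
    return None

def audit(profiles):
    """Map profile file name -> finding for every risky Wi-Fi profile."""
    findings = {}
    for fname, text in profiles.items():
        result = audit_profile(text)
        if result:
            findings[fname] = result
    return findings

if __name__ == "__main__":
    for fname, (name, issue, auto) in sorted(audit(SAMPLE_PROFILES).items()):
        flag = "AUTOCONNECT" if auto else "manual"
        print(f"{fname}: {name}: {issue} [{flag}]")
```

On a real machine the same functions can be fed the contents of the files under /etc/NetworkManager/system-connections/, which are readable by root only.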