Additional threats and challenges, such as a lost laptop, highlight the need for increased security. But what should an IT manager keep in mind when he's securing corporate laptops and the important data stored on them? Consider the following tips when you're tightening your laptop security strategy:
Educate all users on the importance of laptop security and enforce your policies. Identify risks and spread the word to all users about what's being done and why it's important. One policy that should be in place is guidance for users about what they should do if they lose a company laptop.
Consider full-disk laptop encryption. Midmarket organizations are looking to full-disk encryption on company laptops to ensure they are meeting compliance regulations and state data-breach laws. There are many tools designed for this type of protection that SMBs can take advantage of. Smaller organizations may be able to get by with one of the free open source options, such as TruCrypt. Microsoft BitLocker, available for some Windows Vista and Windows 7 users, offers full-volume encryption; new versions will also encrypt data on removable media, such as USB flash drives.
As you're evaluating vendors and service offerings for full-disk encryption, keep ease of deployment and central management in mind. For a smaller IT shop with many users and limited resources, an automatic installation process can ease some of the burden on IT.
Tighten laptop login requirements. Stress the importance of strong passwords, and ensure that password reentry is required for the initial boot, as well as on returning from standby or sleep mode, system hibernation, and screensaver time-outs.
Make sure that Windows-based laptops have a standard security configuration, and that all systems automatically download and install security updates.
Be aware of noncompliant machines. Take steps to increase MacBook security by encrypting sensitive data and using antivirus software.
This was first published in February 2010