One of the easier ways to ensure compliance with different data security laws is via the use of laptop encryption software. I won't claim that it's a silver bullet, since this particular form of data protection cannot protect against all types of attacks; however, it's effective against 33% of data breach vectors faced by organizations.
Laptop encryption goes by many names: whole disk encryption, full disk encryption, hard disk encryption, etc. The point is that the storage disk inside the computer (aka, the hard disk drive) is encrypted in its entirety. What this means is that anything saved to an encrypted computer will end up encrypted as well. Contrast this with a computer that uses file encryption, where individual files are encrypted, and consequently, unencrypted files also exist on the same computer. Now, if you are a careful, methodical person, it would appear that you could just use file encryption software and do away with disk encryption, since there are detriments to the latter ( as well as to the former...I'll explain that soon enough). However, chances are that, hope as you might, you probably won't be able to keep track of all files and protect them: either you have too many files, or you just don't have enough time to deal with them all. There is also the annoyance factor that builds up quickly: modern encryption is very fast, but you might be faced with typing a long, starred-out password many times before being granted access to your content. Plus, imagine that your laptop goes missing: your car was broken into, someone filched the device at your favorite coffee house, you were mugged in broad daylight, etc: with full disk encryption, you know the data on that laptop is protected. Would you share the same level of confidence if you had been using file encryption? What if you missed one of your files?
Laptop encryption goes by many names: whole disk encryption, full disk encryption, hard disk encryption, etc. The point is that the storage disk inside the computer (aka, the hard disk drive) is encrypted in its entirety.
What this means is that anything saved to an encrypted computer will end up encrypted as well. Contrast this with a computer that uses file encryption, where individual files are encrypted, and consequently, unencrypted files also exist on the same computer.
Now, if you are a careful, methodical person, it would appear that you could just use file encryption software and do away with disk encryption, since there are detriments to the latter ( as well as to the former...I'll explain that soon enough).
However, chances are that, hope as you might, you probably won't be able to keep track of all files and protect them: either you have too many files, or you just don't have enough time to deal with them all.
There is also the annoyance factor that builds up quickly: modern encryption is very fast, but you might be faced with typing a long, starred-out password many times before being granted access to your content.
Plus, imagine that your laptop goes missing: your car was broken into, someone filched the device at your favorite coffee house, you were mugged in broad daylight, etc: with full disk encryption, you know the data on that laptop is protected. Would you share the same level of confidence if you had been using file encryption? What if you missed one of your files?
That being said, there are those times where you also know disk encryption can't help you. For example, if the computer is stolen in its "on" state. To be more specific, any time after you provide the correct username and password at the login prompt. When you log in into your computer, you temporarily disable laptop disk encryption until you shut down the computer again. So, for example, if you were working out of your car, and someone were to carjack you, the thief now has access to that computer's contents. Likewise if you return from a short restroom trip at Starbucks, only to find nothing but your coffee and power brick. Also, disk encryption cannot protect you from hackers and malware, unlike a firewall or antivirus software. Conceivably, file encryption could help: malware wouldn't be able to scrape the contents of an encrypted file. On the other hand, a keystroke-logging Trojan could just store a history of what you typed, and the hacker could use that for accessing any protected files later.
That being said, there are those times where you also know disk encryption can't help you. For example, if the computer is stolen in its "on" state. To be more specific, any time after you provide the correct username and password at the login prompt.
When you log in into your computer, you temporarily disable laptop disk encryption until you shut down the computer again. So, for example, if you were working out of your car, and someone were to carjack you, the thief now has access to that computer's contents. Likewise if you return from a short restroom trip at Starbucks, only to find nothing but your coffee and power brick.
Also, disk encryption cannot protect you from hackers and malware, unlike a firewall or antivirus software. Conceivably, file encryption could help: malware wouldn't be able to scrape the contents of an encrypted file. On the other hand, a keystroke-logging Trojan could just store a history of what you typed, and the hacker could use that for accessing any protected files later.
This is the thing with encrypting files: there's no way on earth you're going to encrypt all important files because there's no way for you to identify all important files. Modern computing systems make it impossible. When you're working on a document, chances are that a temporary file is also created. For example, MS Word creates temp files for improving computer speed and as a safety net (it allows for document recovery if your computer crashes). These temp files are supposed to be deleted once you're done working on your documents. But, experience tells me that this is not always so. More than once have I see some cryptic "*.tmp" file lying about in some equally cryptic folders I did not create. These contain the same information you've saved to a file which you subsequently encrypted. Except, of course, you wouldn't have searched through your computer looking for a temporary file with sensitive data. Why would you? Likewise, if that temp file is deleted or you delete a file, but do not overwrite it, the contents of those files can be easily retrieved. For example, if you receive an unencrypted attachment via a secure connection, read it, and delete it...well, it could still be accessible if your laptop gets stolen. All you need is one of the thousands of freely available free data recovery programs you can find on the internet, for free. Did I mention these are free? If you use encryption software like AlertBoot, though, these are hardly concerns if your computer gets stolen or just plain goes missing. I should note that roughly one-third of all reported data breaches involve the theft of electronic data devices: laptops, desktops, netbooks, smartphones, CDs, external hard drives, etc. And, with more companies, and even the government, turning towards "work from home" programs, you can expect the breach figures to remain in the double-digits.
This is the thing with encrypting files: there's no way on earth you're going to encrypt all important files because there's no way for you to identify all important files. Modern computing systems make it impossible.
When you're working on a document, chances are that a temporary file is also created. For example, MS Word creates temp files for improving computer speed and as a safety net (it allows for document recovery if your computer crashes).
These temp files are supposed to be deleted once you're done working on your documents. But, experience tells me that this is not always so. More than once have I see some cryptic "*.tmp" file lying about in some equally cryptic folders I did not create. These contain the same information you've saved to a file which you subsequently encrypted.
Except, of course, you wouldn't have searched through your computer looking for a temporary file with sensitive data. Why would you?
Likewise, if that temp file is deleted or you delete a file, but do not overwrite it, the contents of those files can be easily retrieved. For example, if you receive an unencrypted attachment via a secure connection, read it, and delete it...well, it could still be accessible if your laptop gets stolen. All you need is one of the thousands of freely available free data recovery programs you can find on the internet, for free. Did I mention these are free?
If you use encryption software like AlertBoot, though, these are hardly concerns if your computer gets stolen or just plain goes missing.
I should note that roughly one-third of all reported data breaches involve the theft of electronic data devices: laptops, desktops, netbooks, smartphones, CDs, external hard drives, etc. And, with more companies, and even the government, turning towards "work from home" programs, you can expect the breach figures to remain in the double-digits.
Related Articles and Sites:http://support.microsoft.com/kb/211632