Securing sensitive data on Windows-based laptops


Kevin Beaver, CISSP
06.24.2009


When it comes to data risks in Windows, one near constant is that your mobile Windows systems are not as secure as they could be. Keeping sensitive data protected on a Windows-based laptop is arguably one of the greatest IT problems in business today. Many shops are struggling with this, and others aren't even fully aware of the danger involved.

Oftentimes, management doesn't have a problem investing in locking down the organization's data center and e-commerce systems. When it comes to laptops, however, ignorance can create huge business risks. Many people, especially those in management, have yet to realize just how much sensitive data the average Windows-based laptop contains. This list could include:

  • Local logon credentials that can often be used to connect to the network
  • Network logon credentials in VPN and remote desktop connections
  • Cached Web browser form data (Web site passwords, credit card numbers, SSNs, etc.)
  • Sensitive documents (Word, Excel, PDF, etc.)
  • Software license numbers

Consider the following data gleaned from my own laptop system in just a few seconds using the Identity Finder Professional tool:


[Figure: Using Identity Finder Professional to glean sensitive data from a laptop]

A great deal of sensitive data was discovered and the search was only five percent complete. This isn't even counting the intellectual property on laptops that can be just as abundant. If you were to try a similar tool on a sampling of laptops in your organization, you'd likely get the same results. A Windows laptop that doesn't utilize hard drive encryption could very well be maliciously accessed via Wi-Fi or become infected with malware. Hacking into laptops is simple, and it's only a matter of time before it can happen to your business.

Much of this oversight comes from not having standardized on solid Windows security configurations. It also comes from overlooking Windows laptop systems during security assessments and audits. These shortcomings are typically the result of not having management buy-in and the right mobile security goals. At the very least, you need to consider adopting the following mobile security policies to ensure your Windows laptops are locked down:

  1. Perform in-depth security assessments on all Windows laptops once a year
  2. Encrypt laptop hard drives with strong passphrases and centrally-managed keys
  3. Enable screen savers on all systems with a timeout period of less than 10 minutes
  4. Run personal firewall software on all systems
  5. Configure all systems to automatically download and install Windows updates
  6. Configure all systems to update malware signatures via the Internet when they're not connected to the local network
  7. Confirm all systems are configured to not automatically connect to any wireless network in range
  8. Train and test all employees on mobile security policies each year
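
Items 2 through 5 and 7 can be spot-checked on a single laptop with a read-only script. The PowerShell below is an added example, not part of the original tip. It assumes BitLocker is the disk encryption product, Windows Firewall is the personal firewall, `netsh` output is in English, and the script runs elevated in the laptop user's session:

```powershell
# Added example: read-only audit of policy items 2-5 and 7. Run elevated as the
# laptop's user. Assumes BitLocker, Windows Firewall and English netsh output.
function New-Finding($Item, $Check, $Pass, $Detail) {
    [pscustomobject]@{ Item = $Item; Check = $Check; Pass = [bool]$Pass; Detail = $Detail }
}
$findings = @()

# Item 2: system drive fully encrypted and protection switched on
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
$findings += New-Finding 2 'Disk encryption' `
    ($vol.VolumeStatus -eq 'FullyEncrypted' -and $vol.ProtectionStatus -eq 'On') `
    "$($vol.VolumeStatus), protection $($vol.ProtectionStatus)"

# Item 3: screen saver active with a timeout under 10 minutes (600 s).
# A Group Policy value, when present, overrides the user's own setting.
function Get-DesktopValue($Name) {
    foreach ($key in 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop',
                     'HKCU:\Control Panel\Desktop') {
        $v = (Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue).$Name
        if ($null -ne $v) { return $v }
    }
}
$secs = [int](Get-DesktopValue 'ScreenSaveTimeOut')
$findings += New-Finding 3 'Screen saver' `
    ((Get-DesktopValue 'ScreenSaveActive') -eq '1' -and $secs -gt 0 -and $secs -lt 600) `
    "timeout ${secs}s, password on resume=$(Get-DesktopValue 'ScreenSaverIsSecure')"

# Item 4: every Windows Firewall profile (Domain, Private, Public) enabled
$off = @(Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' })
$findings += New-Finding 4 'Firewall' ($off.Count -eq 0) "disabled: $($off.Name -join ', ')"

# Item 5: updates not disabled by policy; AUOptions 4 = download and install.
# No policy key at all means the OS default applies.
$au = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' `
    -ErrorAction SilentlyContinue
$findings += New-Finding 5 'Automatic updates' `
    ($au.NoAutoUpdate -ne 1 -and $au.AUOptions -in $null, 4) `
    "NoAutoUpdate=$($au.NoAutoUpdate), AUOptions=$($au.AUOptions)"

# Item 7: saved Wi-Fi profiles whose connection mode is automatic
$auto = @(netsh wlan show profiles | Select-String 'All User Profile\s*:\s(.+)$' |
    ForEach-Object { $_.Matches[0].Groups[1].Value.Trim() } |
    Where-Object { (netsh wlan show profile name="$_") -match 'Connect automatically' })
$findings += New-Finding 7 'Wi-Fi auto-connect' ($auto.Count -eq 0) "auto-connect: $($auto -join ', ')"

$findings | Format-Table -AutoSize
```

The password-on-resume value is reported for information only, since the policy list above specifies the timeout but not a lock.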

Don't forget about mobile storage. External hard drives, USB memory sticks and SD cards that are often attached to mobile Windows systems are also exposed. As the U.S. National Archives learned recently, improperly secured mobile drives can create big problems.

The bottom line for administrators: understand where your Windows laptops are vulnerable, know what sensitive data is where, implement reasonable controls and continuously check for holes. It's a simple formula for Windows laptop security that'll buy you a lot in the way of minimizing complex business risks.

ABOUT THE AUTHOR:   
Kevin Beaver
Kevin Beaver is an information security consultant, keynote speaker, and expert witness with Atlanta-based Principle Logic, LLC. Kevin specializes in performing independent security assessments. Kevin has authored/co-authored seven books on information security including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley). He's also the creator of the Security On Wheels information security audio books and blog providing security learning for IT professionals on the go. Kevin can be reached at kbeaver /at/ principlelogic.com.

All Rights Reserved, Copyright 2008 - 2010, TechTarget | Read our Privacy Policy