We've all seen stories in the news where someone had a laptop with a million social security numbers on it stolen from them. None of us want to be 'that guy', a.k.a the person who had the sensitive information on their computer end up in the wrong hands. If you're the person who had the laptop stolen, chances are, your going to be fired, sued, or both.
If your corporate IT department who provisioned your laptop had any sense they would have installed some form of whole disk encryption or endpoint security on your laptop which would have made the data on it completely unreadable and useless to whomever stole it.
Doesn't my operating system encrypt my files automatically? The answer is: probably not, unless you've turned on disk encryption options such as Bitlocker (Windows) or FileVault (Mac). Encryption is usually turned off by default.
What can you do to ensure that your data is protected from prying eyes in case your laptop is ever stolen?
Let's take a look at some whole disk encryption options.
One of the best free open-source whole disk encryption products available is TrueCrypt. TrueCrypt for Windows allows you to encrypt your entire hard drive. Unlike file encryption, with whole disk or system encryption, all the files including swap files, temporary files, the system registry, and other core system files are encrypted.
Traditionally, a hacker would bypass the operating system's file security by taking the hard drive out of a victim's computer and connecting it to another computer as a non-bootable drive. The host computer that the hacker connects the victim's hard drive to is able to access the contents of the drive because they are not bound by the security features of the victim's hard drive's operating system. The hacker is then free to access files on the victim's drive just as if it were a USB thumb drive or other non-bootable disk connected to the computer.
TrueCrypt prevents a hacker from being able to view the contents of the hard drive because the entire drive is encrypted with the whole disk encryption process. If they tried to access the drive on another computer all they would see is encrypted gibberish.
So how does TrueCrypt ensure that only the system owner gets access to the drive? TrueCrypt uses pre-boot authentication which requires the user to enter a password prior to the Windows boot process.
In addition to whole disk encryption, TrueCrypt offers an array of file encryption, partition encryption, and Hidden Volume encryption options. Visit the TrueCrypt website for full details.
McAfee Endpoint Encryption
TrueCrypt is a great option for individual PCs, but if you manage a large number of PCs that need whole disk Encryption then you may want to check into McAfee's Endpoint Encryption. McAfee offers both PC and Mac whole disk encryption that can be centrally managed by their ePolicy Orchestrator (ePO) platform.
McAfee Endpoint Encryption also offers the ability to easily encrypt removable media such as USB drives, DVDs, and CDs as well.
Bitlocker (Microsoft Windows) and FileVault (Mac OS X)
If you're using Windows or Mac OS X, you can opt to use your operating system's built-in whole disk encryption. While the built-in OS whole disk encryption options are attractive because of the convenience factor, this fact also makes them high value targets for hackers in search of vulnerabilities. A quick search of the web reveals much discussion of Bitlocker and FileVault hacks and related topics.
No matter what whole disk encryption option you choose, whether it's built-in OS-based, open source, or commercial, make sure that all of your operating system's and application's security patches are updated on a regular basis so that your drive encryption is as vulnerability-free as possible.