If your company is contemplating a migration to the new Windows Vista operating system, you might want to consider the Business, Ultimate or Enterprise editions. Each includes a new hard drive feature called BitLocker Drive Encryption. By default, the technology requires a Trusted Platform Module (TPM) chip usually found only in higher-end systems. However, you can set group policy so that a USB storage device can store the encryption keys. This setting prevents the computer from booting up until the USB device is plugged in. Great two-factor authentication!
WinMagic's disk encryption software, SecureDoc, offers another way to add pre-boot authentication. If you are having problems with the time it takes to decrypt data, I would consider creating a volume that automatically encrypts all files stored on it; then I would move the My Documents folder to reside there. As long as software programs are not stored on this encrypted drive, there should only be a negligible impact on performance.
If you wish to use encryption abroad, you will have to ensure that the product you choose can be used in the countries that your staff may need to visit. The Bureau of Industry and Security assigns a license exception to most commercial encryption products, allowing them to be exported to only specified destinations. PGP, for example, falls within three types of license exception: mass market, ENC restricted and ENC unrestricted. None of these categories, however, allow encryption products to be exported to the following embargoed countries: Cuba, Iran, Iraq, Libya, North Korea, Sudan, and Syria.
Other steps you can take to protect on-the-road laptops include locking down the operating system and providing users with a physical lock. Better still, insist that users remove hard drives and lock them in a safe whenever they leave their laptops unattended. Some organizations now provide spare drives that have to be installed when working in a hostile environment; anywhere outside the confines of the office. These drives only contain company data that is classified as public. Any other data has to be stored on encrypted USB keys carried separately from the laptop. Proximity alarms can also be attached to a laptop, which will go off if the computer gets too far away from its owner. Finally, I would ensure that all of the laptop-using staff receive security awareness training. The training should be aimed at the particular threats that laptop users face, such as unsecured public Wi-Fi and opportunist thieves.
Dig Deeper on Disk and file encryption tools
Related Q&A from Michael Cobb
Sending sensitive information in attachments is inherently unsafe, and the main way to secure them -- encryption -- can be implemented inconsistently... Continue Reading
Spyware can steal mundane information, track a user's every move and everything in between. Read up on the types of spyware and how to best fix ... Continue Reading
Explore the differences between symmetric vs. asymmetric encryption algorithms, including common uses and examples of both, as well as their pros and... Continue Reading