Data encryption is not one of the security options most companies think of providing for their senior executives who use, and travel with, laptops, netbooks and tablets so they can stay productive even when on the road. This is even more true of corporate executives who sometimes demand anytime, anywhere access to data residing on corporate servers.
While the big corporations can afford to spend millions of dollars on data protection hardware and software, the same cannot be said of executives in small and medium-sized organizations, especially when it comes to loss of personal information, including credit card data, patient records or other financial information, stored by the company.
Data breaches happen and information is lost every day due to small mistakes that could have been avoided by using data encryption technologies. For small businesses, these data loss events can be devastating.
With recent data breach newsmakers such as Zynga, Equifax, Comodo and DoorDash, and WikiLeaks and other high-profile breaches in previous years, you never know where your information will end up if it lands in the wrong hands – so of course, you must protect it, preferably through encryption.
With advances in technology, it is not uncommon to find a user lugging around a laptop with 500GB+ of hard drive space. That is a lot of space for corporate data, and with breaches like those we have witnessed recently (Capital One, Facebook, etc.), you never really know who will end up with your corporate data should it get stolen.
Couple that with the fact that small organizations do not have the resources to set up a sophisticated VPN architecture that would require a user to log in to the mothership before accessing data. They cannot afford expensive data plans.
Research records from the Ponemon Institute show that over 75% of organizations are aware of an incident in the organization where confidential or sensitive information was at risk as a result of a lost or stolen laptop.
It is assumed that presently, almost 40% of sensitive and confidential corporate information is being accessed at any given time by remote workers, including corporate execs.
It is strongly believed in the IT security field that humans are the weakest link in the area of data security and that employees are careless. Moreover, in many small businesses and organizations there are no IT personnel to take ownership of securing corporate data.
It is not uncommon to find content on executives' laptops that could put the company at risk should it fall into the wrong hands – pictures and videos of a wild night out, for example.
While most modern laptops include whole-disk encryption software, not many users are aware of it. Location tracking and file-level encryption are also available.
Expanded use of encryption has become the most popular technology solution to data protection. So here is a round-up of a few tools that could be useful for the traveling executive:
AxCrypt – Personal Privacy and Security with AES-128 File Encryption and Compression for the latest version of Microsoft Windows. It supports double-clicking to automatically decrypt and open documents, and is capable of storing strong encryption keys on removable USB devices.
- Seamless integration with Windows Explorer.
- Double-click to decrypt, open and re-encrypt.
- No configuration required.
- Many languages supported.
- Extensive command-line interface for scripting and programming.
VeraCrypt
- Creates a virtual encrypted disk within a file and mounts it as a real disk.
- Encrypts an entire partition or storage device such as USB flash drive or hard drive.
- Encrypts a partition or drive where Windows is installed (pre-boot authentication).
- Encryption is automatic, real-time (on-the-fly) and transparent.
- Provides plausible deniability, in case an adversary forces you to reveal the password.
- Hidden volume (steganography) and hidden operating system.
- Encryption algorithms: AES-256, Serpent, and Twofish.
This should be your first choice. What you can do is create an encrypted file on your system that the software mounts as an encrypted virtual hard drive and you can dump all your critical documents in there. It is possible to use a folder, file or image as a key (password). So for example, you can create a text file of your favorite movies and use that as your key – one less password to remember.
The nice thing about VeraCrypt is that depending on how paranoid you are, the options are endless.
MyTextIsTreasure
I stumbled on this during a frustrated search for a password “holding cell”. With so many passwords, login credentials, online subscriptions etc. to manage, I was getting irritated by the limitations of an Excel spreadsheet, and a plain text file was dangerous at best.
It is a simple password manager for your PC and smartphone. It works like a text editor and uses a strong cryptography algorithm to generate the end file.
What MyTextIsTreasure (MTT) does is give you a notepad-like page that you can type your sensitive data in and secure with a password. It has been an awesome tool because I can save it on an FTP site, a USB flash disk or a synced online folder without worrying about unauthorized access.
- It is a password manager
- It works like a simple text editor
- It protects your private information using the well-known AES encryption algorithm
- It can be installed on your PC and on your smartphone
- You can organize passwords by categories like credit cards, websites, forums, internet banking, personal life, and so on.
You don't have to fill in a lot of fields or follow a rigid structure.
WinSCP is an SFTP client and FTP client for Windows. Its main function is the secure file transfer between a local and a remote computer. It uses Secure Shell (SSH) and supports the legacy SCP protocol in addition to Secure FTP.
Although active development is now discontinued, FreeOTFE (still available on SourceForge) is an open source computer program for on-the-fly disk encryption. It can create a virtual drive within a file or partition, to which anything written is automatically encrypted before being stored on a computer’s hard or USB drive. It is similar in function to other disk encryption programs including TrueCrypt and Microsoft’s BitLocker.
With this software, you can create one or more “virtual disks” on your PC/PDA. These disks operate exactly like a normal disk, with the exception that anything written to one of them is transparently, and securely, encrypted before being stored on your computer’s hard drive.
Highly portable – Not only does FreeOTFE offer “portable mode”, eliminating the need for it to be installed before use, it also offers FreeOTFE Explorer – a system which allows FreeOTFE volumes to be accessed not only without installing any software, but also on PCs where no administrator rights are available. This makes it ideal for use (for example) with USB flash drives, and when visiting Internet Cafés (AKA Cybercafés), where PCs are available for use, but only as a “standard” user.
BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.
BitLocker provides the most protection when used with a Trusted Platform Module (TPM) version 1.2 or later. The TPM is a hardware component installed in many newer computers by the computer manufacturers. It works with BitLocker to help protect user data and to ensure that a computer has not been tampered with while the system was offline.
The Amnesic Incognito Live System (TAILS) is a secure web browsing platform that is ideal for travelers who frequent Internet Cafés and want to prevent the possibility of their systems being compromised.
From the website:
The Amnesic Incognito Live System (Live CD, Live USB) is aimed at preserving your privacy and anonymity by forcing all outgoing connections to the Internet to go through the Tor network; and not leaving any trace on local storage devices unless explicitly asked.
It’s a LiveCD, which means that you do not have to install it. You set your laptop’s BIOS to boot from CD and no changes are made to your operating system. The software can also be run from a USB stick.
Some important features of TAILS include:
- Tor and the Vidalia graphical front-end
- FireGPG for e-mail encryption
- All cookies are treated as session cookies by default; the CS Lite extension provides more fine-grained cookie control for those who need it
- OnBoard virtual keyboard as a countermeasure against hardware keyloggers
- Shamir’s Secret Sharing – a form of secret sharing in which a secret is divided into parts, each participant receives its own unique part, and some or all of the parts are needed to reconstruct the secret.
- To prevent cold-boot attacks and various memory forensics, Tails erases memory on shutdown and when the boot media is physically removed.
Of course there are other LiveCDs out there like Kiosk from rPath, Webconverger and Ubuntu Kiosk. The difference is that TAILS has the Tor software enabled by default.
Please bear in mind that the subject of encryption can get overwhelming at times. If you are not comfortable using these tools, please seek assistance. We must tell you that you bear total responsibility for lost data – seriously.
Do not attempt disk/folder encryption if you have no clue how to go about it.
How Tech Prognosis can help:
If your business, or organization, is struggling with data security for your mobile executives or employees, Tech Prognosis can help.