Most companies provide their senior executives with laptops or netbooks and tablets so they can be productive even when on the road. This is even more true of corporate executives who sometimes demand anytime, anywhere access to data residing on corporate servers. The big corporations can afford to spend millions of dollars on data protection hardware and software.
The same cannot be said of executives in small and medium-sized organizations, especially when it comes to loss of personal information, including credit card data, patient records or other financial information, stored by the company. Data breaches happen and information is lost every day due to small mistakes that could have been avoided. For small businesses, these events can be devastating.
With news makers such as WikiLeaks and other high-profile breaches over the last several months, you never know where your information will end up if it lands in the wrong hands – so of course, you must protect it.
With the advances in technology, it is not uncommon to find a user lugging around a laptop with 500GB of hard drive space. That is a lot of space for corporate data, and with breaches like the ones we have witnessed recently (WikiLeaks, HBGary, etc.) you never really know who will end up with your corporate data should it get stolen.
Couple that with the fact that small organizations do not have the resources to set up a sophisticated VPN architecture that would require a user to log in to the mother ship before accessing data. They cannot afford expensive data plans.
Research records from the Ponemon Institute show that over 75% of organizations are aware of an incident in the organization where confidential or sensitive information was at risk as a result of a lost or stolen laptop.
It is assumed that presently, almost 40% of sensitive and confidential corporate information is being accessed at any given time by remote workers, including corporate execs.
It is strongly believed in the IT security field that humans are the weakest link in the area of data security and that employees are careless. Moreover, in many small businesses and organizations there are no IT personnel to take ownership of securing corporate data.
It is not uncommon to find content on the laptops of executives that could put the company at risk should it get into the wrong hands – pictures and videos of a wild night out, for example.
While most modern laptops contain whole-disk encryption software, not many users are aware of it. There are also location tracking and file-level encryption.
Expanded use of encryption has become the most popular technology solution to data protection. So here is a round-up of a few tools that could be useful for the traveling executive:
AxCrypt – Personal Privacy and Security with AES-128 File Encryption and Compression for Windows 2000/2003/XP/Vista/2008/7. Double-click to automatically decrypt and open documents. Store strong keys on removable USB-devices.
- Seamless integration with Windows Explorer.
- Double-click to decrypt, open and re-encrypt.
- No configuration required.
- Many languages supported.
- Extensive command-line interface for scripting and programming.
- Creates a virtual encrypted disk within a file and mounts it as a real disk.
- Encrypts an entire partition or storage device such as USB flash drive or hard drive.
- Encrypts a partition or drive where Windows is installed (pre-boot authentication).
- Encryption is automatic, real-time (on-the-fly) and transparent.
- Provides plausible deniability, in case an adversary forces you to reveal the password
- Hidden volume (steganography) and hidden operating system.
- Encryption algorithms: AES-256, Serpent, and Twofish.
Personally, I believe this should be your first choice. What you can do is create an encrypted file on your system that the software mounts as an encrypted virtual hard drive and you can dump all your critical documents in there. It is possible to use a folder, file or image as a key (password). So for example, you can create a text file of your favorite movies and use that as your key – one less password to remember.
The nice thing about TrueCrypt is that depending on how paranoid you are, the options are endless.
I stumbled on this during a frustrated search for a password “holding cell”. With so many passwords, login credentials, online subscriptions etc. to manage, I was getting irritated by the limitations of an Excel spreadsheet and a plain text file was dangerous at best.
It is a simple password manager for your PC and Smartphone. It works like a text editor and uses a strong cryptography algorithm to generate the end file.
What MyTextIsTreasure (MTT) does is give you a notepad-like page that you can type your sensitive data in and secure with a password. It has been an awesome tool because I can save it on an FTP site, a USB flash disk or a Synced online folder without worrying about unauthorized access.
- It is a password manager
- It works like a simple text editor
- It protects your private information using the well-known AES encryption algorithm
- It can be installed on your PC and on your Smartphone
- You can organize passwords by categories like credit cards, websites, forums, internet banking, personal life, and so on.
- You don't have to fill in a lot of fields and follow a rigid structure.
This is another application that allows you to hide, lock and encrypt folders using 256-bit AES encryption through an intuitive and simple interface. If you have the app installed on a laptop, you can password-protect a specific folder and use the tool to open the folder when you need access to it.
- Unlimited number of folders can be protected.
- Intuitive & easy-to-use interface.
- NTFS, FAT32 and FAT volumes are supported.
- Implements 256-bit AES (Rijndael) to encrypt files.
- Effective password protection.
- System Cleaner, File shredder, Virtual Drive.
- Removing or uninstalling will not uncover locked folders.
- Windows Explorer integration.
- Supports Drag & Drop.
It is compatible with Windows XP, Vista and 7.
WinSCP is an SFTP client and FTP client for Windows. Its main function is secure file transfer between a local and a remote computer. It uses Secure Shell (SSH) and supports the legacy SCP protocol in addition to Secure FTP.
Portable PGP is a fully featured, lightweight, Java-based, open source PGP tool.
It lets you encrypt, decrypt, sign and verify text and files through a simple, straightforward graphical interface.
It is simple to use and provides everything you need to get started with PGP cryptography.
There is a USB-stick version of PortablePGP which comes as a simple zip file that you can decompress into the root folder of your USB drive. It lets you run PortablePGP on both Windows and Linux platforms without installing it and without having a Java virtual machine installed (a private JRE is bundled in).
Java Runtime Environment 6 (or greater)
Java(TM) Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files
HaDES (short for Hard Disk Encryption System) is an enterprise-level open source hard disk encryption tool, which enhances TrueCrypt by adding functionality that enables TrueCrypt for enterprise use, for example multi-user capability and recovery.
HaDES Additional Features:
- Creates a virtual encrypted disk within a file and mounts it as a real disk
- Several users have access to the encrypted disk via username and password
- Encrypts a partition or drive where Windows is installed (pre-boot authentication)
- Users can be administered in volumes and partitions with multi-user capability:
  - users can be created
  - users can be deleted and
  - every user has the possibility to change his or her password.
Ultimately, the best way to protect corporate data is to assess risks by identifying and classifying confidential information and then implementing the following:
- Educate employees on information protection policies and procedures, then hold them accountable
- Deploy data loss prevention technologies which enable policy compliance and enforcement
- Proactively encrypt laptops to minimize consequences of a lost device
- Integrate information protection practices into business processes
FreeOTFE is a free, open source, “on-the-fly” transparent disk encryption program for PCs and PDAs with a simple goal: the secure storage of bulk data, while making it readily accessible to authorized users.
With this software, you can create one or more “virtual disks” on your PC/PDA. These disks operate exactly like a normal disk, with the exception that anything written to one of them is transparently, and securely, encrypted before being stored on your computer’s hard drive.
Highly portable – Not only does FreeOTFE offer “portable mode”, eliminating the need for it to be installed before use, it also offers FreeOTFE Explorer – a system which allows FreeOTFE volumes to be accessed not only without installing any software, but also on PCs where no administrator rights are available. This makes it ideal for use (for example) with USB flash drives, and when visiting Internet Cafés (AKA Cybercafés), where PCs are available for use, but only as a “standard” user.
The Amnesic Incognito Live System (TAILS) is a secure web browsing platform that is ideal for travelers who frequent Internet Cafés and want to prevent the possibility of their systems being compromised.
From the website:
The Amnesic Incognito Live System (Live CD, Live USB) is aimed at preserving your privacy and anonymity by forcing all outgoing connections to the Internet to go through the Tor network; and not leaving any trace on local storage devices unless explicitly asked.
It’s a LiveCD, which means that you do not have to install it. You set your laptop’s BIOS to boot from CD and no changes are made to your operating system. The software can also be run from a USB stick.
Some important features of TAILS include:
- Tor and the Vidalia graphical front-end
- FireGPG for e-mail encryption
- All cookies are treated as session cookies by default; the CS Lite extension provides more fine-grained cookie control for those who need it
- OnBoard virtual keyboard as a countermeasure against hardware keyloggers
- Shamir’s Secret Sharing – a form of secret sharing in which a secret is divided into parts and each participant is given its own unique part; some or all of the parts are needed in order to reconstruct the secret.
- To prevent cold-boot attacks and various memory forensics, Tails erases memory on shutdown and when the boot media is physically removed.
Of course there are other LiveCDs out there like Kiosk from rPath, Webconverger and Ubuntu Kiosk. The difference is that TAILS has the Tor software enabled by default.
Please bear in mind that the subject of encryption can get overwhelming at times. If you are not comfortable using these tools, please seek assistance. We must tell you that you bear total responsibility for lost data – seriously. Do not attempt disk/folder encryption if you have no clue how to go about it.