Guarding Your Laptop And Its Secrets

Too bad your attention is focused on catching a plane, because you're about to become a crime victim. At the airport security checkpoint, you place your notebook PC on the X-ray conveyor belt. As you're about to walk through the metal detector, a rude passenger jumps in front of you and triggers the alarm. You fume while the person fiddles with her jewelry, fumbles with her change, and makes a fuss. While your attention is diverted, her accomplice, who has already passed through security, snatches your laptop.

This all-too-common scam shows how vulnerable you are when you're carting around valuable computer gear. Next to viruses, laptop theft was the most prevalent computer crime in 1998, according to the 520 security practitioners at companies, universities, and government agencies who responded to a Computer Security Institute (CSI) and FBI survey.

Portable PCs are easy targets for thieves out to make a quick buck. But what's inside the laptop can be worth much more. Is an industrial spy after the secrets contained on your hard drive? "I can get $3,000 for a top-of-the-line laptop," says John Kauza, a security vice-president at AT&T. "But I can get a million to a million-and-a-half dollars for your marketing plans."

This doesn't have to happen. To minimize the chances your laptop or its contents will fall into the wrong hands, there are plenty of measures you can take--from something as simple as buying a lock to installing sophisticated software that scrambles your data so others can't read it.

Many safeguards come under the heading of common sense. For instance, to avoid the airport scam, don't place your laptop on the belt until you're sure no one can cut in front of you. Also, alert the security people that it's your machine rolling to the other side, says John O'Leary, director of education at CSI.

Don't drop your guard after you've passed through security, either. Never leave your computer unattended, even if the chummy person sitting next to you says he'll watch it while you grab a hot dog. "If you have sensitive information that would do the company harm, you've got to have some level of paranoia," says Bob McKee, director of corporate information security at Hartford Financial Services Group.

FOOLPROOF? Another tip: Hide your PC in a bag that doesn't resemble a laptop carrying case. And foolish as it seems, some people stick Post-it notes with passwords or phone numbers to access corporate networks on the machine or in the case. Don't store passwords on your hard drive. If you leave the computer in a hotel, log off. Otherwise, an intruder could copy the contents of your hard drive. You may want to remove the drive, if you can, and take it with you.

Invest in a lock such as Kensington Technology's Notebook MicroSaver Security System ($75). It's a six-foot steel cable and key lock that fits into a slot built into most laptops. You loop the cable around a desk or other immovable object, as you would with a bicycle cable.

On some occasions, a piercing alarm may help. Port's $50 Defcon 1 Motion Detector (800 242-3133) attaches to your carrying case with a combination lock and goes off when someone tries to lift the machine without knowing the combination. The TrackIt Portable Anti-Theft System ($50, 888 487-2251) has a miniature radio receiver that attaches to your laptop and a transmitter that hooks on to your keychain. If your PC is more than 40 feet away from you, a siren goes off.

CODES. Alarms may stymie common thieves, but you'll need something more bulletproof if a rival is after confidential files. So companies such as AT&T and Detroit Edison require certain employees to carry SecurID tokens in the form of smart cards or keychain readers from Security Dynamics. To get onto a corporate network, you first enter a PIN number or password, then type an electronic code that is displayed on the SecurID token. The code changes about every minute. A control module at the network recognizes the code in combination with your PIN. Many companies are working on retina, voice, or fingerprint scanners to prevent unauthorized users from accessing a network or your laptop. But biometric schemes haven't hit prime time yet.
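
How a control module can check a PIN together with a code that changes every minute, shown as an added example that is not part of the original article and is not SecurID's own algorithm: it substitutes the open RFC 6238 time-based one-time password scheme. The names ControlModule, enroll and verify, the six-digit code length and the one-step clock-drift allowance are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 60                # seconds per code: "the code changes about every minute"
DIGITS = 6               # assumed code length
PBKDF2_ROUNDS = 100_000  # assumed work factor for storing the PIN


def token_code(seed, t):
    """Code the token displays at Unix time t (RFC 6238 TOTP over HMAC-SHA1)."""
    counter = struct.pack(">Q", int(t) // STEP)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, as in RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def _pin_hash(pin, salt):
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)


class ControlModule:
    """Hypothetical network-side verifier: PIN (know) plus token code (have)."""

    def __init__(self):
        self.users = {}

    def enroll(self, user, seed, pin, salt):
        self.users[user] = {"seed": seed, "salt": salt,
                            "pin_hash": _pin_hash(pin, salt), "last_step": -1}

    def verify(self, user, pin, code, now, drift=1):
        rec = self.users.get(user)
        if rec is None:
            return False
        pin_ok = hmac.compare_digest(_pin_hash(pin, rec["salt"]), rec["pin_hash"])
        current = int(now) // STEP
        matched = None
        for step in range(current - drift, current + drift + 1):  # tolerate clock drift
            expected = token_code(rec["seed"], step * STEP)
            if hmac.compare_digest(expected.encode(), code.encode()):
                matched = step
        # Both factors must pass, and a code already accepted cannot be replayed.
        if not pin_ok or matched is None or matched <= rec["last_step"]:
            return False
        rec["last_step"] = matched
        return True
```

Because the server records the last accepted time step, a code glimpsed over your shoulder is useless once you have logged in with it, and useless without the PIN before that.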

The best way to keep unwanted eyes from your data is to encrypt it using heavy-duty mathematical algorithms that scramble your files into an indecipherable code. PGP For Personal Privacy ($40) from Network Associates and RSA SecurPC ($59) from RSA Data Security are leaders in the field. Symantec's $90 Norton Your Eyes Only encryption software also prevents interlopers from booting up into Windows 95 systems without knowing a password, even if they use a floppy disk. Be aware that because of U.S. laws, you cannot export files with strong encryption without special permission.

Security always involves a trade-off between the level of protection you choose and convenience. Longer passwords are more secure but harder to remember. Hewlett-Packard and IBM have unveiled $199 security kits based on smart cards whose readers fit into a type II PCMCIA slot on a notebook. The systems can prevent access to the computer and encrypt and decrypt data. But each time you need the PCMCIA slot for another purpose, you must deactivate the programs and pull out the readers.

You might be able to recover a purloined PC if you sign up with the Stolen Computer Registry. Enter the make, model, and serial number of the unit on the free Web database. A reseller or police officer might find your PC listed on the site and return it to you. Only 1% of PCs have been retrieved since the database went up on the Web three years ago.

You might stand a better chance with The CyberAngel from Computer Sentry Software or CompuTrace from Absolute Software. As soon as someone connects your stolen computer to a phone line, your modem will silently dial a central monitoring service that can trace the call. CyberAngel, which charges $75 the first year and $50 for each following year, would fax or E-mail you an alert, then lock off the communications port to the laptop's modem. CompuTrace costs $90 the first year and $60 thereafter. You must notify the company that your PC has been stolen and present a theft report. The company then helps police hunt for your machine.

Your own negligence can do as much damage as a thief. To avoid losing critical data, you need to back up your hard drive religiously, say experts. You can carry floppies or back up data via the Web. When you have custody of your company's secrets, remember that the weakest link in any security system is you.