Mobile Security: Laptops

Sections:

Summary and General Information

Laptop computers provide the greatest potential for security breaches of all kinds of data. Their capacity to both store large amounts of data locally, and to freely access (via stored password) data on networked sources, makes it imperative that they be used with the strictest caution.

Note that simply engaging a password on a laptop provides no protection whatsoever of the data stored therein. Password protection alone is therefore wholly inadequate as a security measure.

It is crucial, in order to safeguard all the data and saved passwords on a laptop, that full disk encryption be used whenever possible.

Further to this, no University work-related files should be stored on the laptop itself, other than in the form of copies or works in progress. Instead, as far as is possible, files should be saved on University-provided networked storage and accessed via VPN. This will ensure that as little data as possible is stored on your laptop, and will mitigate against any loss of time, work and effort in the case that the laptop is lost, stolen or destroyed.

Finally, full remote working should be used wherever possible, deferring all applications and storage of files to a remote system, thereby ensuring that no data at all is being stored locally on your PC.

Full Disk Encryption

Data is normally stored on a hard drive in clearly readable form. Password protecting your PC only hinders access to the hard drive. The password can be bypassed and the contents of the hard drive freely read thereafter.

If, however, encryption is used, the data stored on the hard drive is scrambled, rendering it utterly unreadable. The data can only then be unscrambled by entering a correct password, at which point the files can be read. Without the password, the data can still be accessed directly, but only in the scrambled form.

Full disk encryption ensures that the entire contents of your hard drive are encrypted and inaccessible without the necessary password to unlock it.

Engaging Full Disk Encryption on an Apple Mac

If your Apple Mac laptop was supplied to you by the School of Law, please make an appointment with the IT Support team and they will guide you through the process. You can check to see if encryption is engaged on your laptop by going to “System Preferences”, “Security and Privacy”, and then clicking the “Filevault” tab. The resultant window should show something similar to this:

Filevault engaged

If your Apple Mac laptop was not supplied by the School of Law, you are still free to arrange with the IT Support team to assist you with the process, or you can engage Filevault yourself by following the instructions here:

IS Guide to Filevault Full Disk Encryption

Engaging Full Disk Encryption on a Windows Laptop

Windows full disk encryption is called Bitlocker. This technology is only available in specific, higher-tier versions of Windows and may not be available on your device. You will need to have Windows 7 Ultimate or Enterprise, or Windows 8 Pro in order to use Bitlocker.

It is strongly recommended that, if you are using a Windows laptop that cannot run full disk encryption, you make an appointment with the IT Support team who can advise you how best to safeguard your data, and use your laptop securely without encryption engaged.

Instructions on engaging Bitlocker on appropriate versions of Windows can be found here:

IS Guide to Bitlocker

Access your University Files Directly via VPN

The best way to ensure you keep your files secure, and safely backed up, is to keep them and access them via your University filestore. Using the University filestore ensures that the files are backed up. It also ensures that the files stored locally on your laptop are kept to an absolute minimum. Finally, it ensures that, so long as you have a network connection, you can ensure that you are always using the same version of a file, whether in the office, or working via a mobile device.

When you are in the office, you will access this storage via your PC’s M drive, or “My Documents”.

When you are outside the University using a laptop, you will need to first engage VPN to give you access to the University network, and then manually navigate to the filestore to access your files.

Before you can engage VPN on your computer, you must first sign up for a VPN account. This can be done online:

Sign up for a VPN Account

You must then install and setup the VPN client on your computer. The process varies depending on the type of computer you have:

Setup VPN on an Apple Mac computer

Setup VPN on a Windows 7 computer

Setup VPN on a Windows 8 computer

Once you’ve setup VPN on your computer, you can engage it whenever you need access to your files. The process of accessing your files varies depending on the type of computer you have:

Access your University Networked files on an Apple Mac computer

Access your University Networked files on a Windows computer

Once you have access to your files, it’s recommended that you copy the file you wish to work on from your University filestore down to your laptop, edit it from there, and then copy it back to your University filestore when you are finished working. This will protect against data loss caused by a dropped network connection.

Note that when working on a file over VPN, you will still need to ensure you have full disk encryption engaged to protect the security of files copied or edited locally on your laptop. Without full disk encryption, only files that you are certain do not pose a medium or high security risk should be accessed in this way. If you are in any doubt, use Remote Desktop or