With staff working from home or taking their business laptop on the road for meetings, it’s crucial your hardware is protected from a multitude of threats.
Computing security is always a hot topic. Office computers will already be protected against many threats, with firewalls keeping out hackers and security software blocking malware before it can get on to your computer. But what about business laptops that get used outside of the workplace? How do you best protect them?
Any business laptop worth its salt, such as the ASUSPRO range, has several physical protections built in. For starters, there’s the all-important TPM (Trusted Platform Module) chip, which provides the necessary cryptographic technology to secure key hardware components.
When combined with Windows’ BitLocker encryption, not only is a laptop password-protected at initial startup (before Windows itself starts to load), but the hard drive is fully encrypted to protect sensitive data. It’s imperative that the entire drive – not just selected files or folders – is encrypted, and BitLocker makes that a simple process.
BitLocker can also be used to encrypt removable drives, so if your staff needs to carry sensitive files on a USB stick, make sure they’ve spoken to IT about getting it encrypted before they travel.
All of this physical security is a good start, but the weakest parts of any security system are its entry points. In the case of a locked-down laptop, that’s the password needed to unlock it. Most users will set short, easily guessable (never mind hackable) passwords for convenience’s sake. Your laptop might also have an integrated fingerprint reader – the ultimate alternative to a password, you might think. BitLocker doesn’t work with biometric authentication devices natively, but third-party add-ons, such as Secure Disk for BitLocker, do extend support as well as add additional safeguards such as multi-factor authentication.
If your staff need to remember lots of different passwords, point them towards a secure password manager, such as BitWarden. This offers special enterprise features like on-premise password storage, user groups and directory sync.
One additional consideration when using a laptop outside of the office is the security of its internet connection. Make sure your staff are equipped with access to a VPN for both logging into the company server and for wider internet access, thereby avoiding potential drive-by hackings on insecure public Wi-Fi networks. Also, investigate ways of adding additional forms of physical authentication – such as two-factor authentication – to key internal and external services. So, if a laptop is compromised and a user’s passwords discovered, the hacker is still unable to gain access to critical information.
The role of IT (and others)
Business laptops remain the property – and ultimately responsibility – of your organisation, so staff need to be reminded of this. You can do this with a system like ASUS Control Center, which gives IT control over how the laptop is set up, deployed and maintained, plus allows it to perform emergency actions remotely in the event of theft or some other crisis – for example, performing an encrypted disk wipe to remove all traces of sensitive information.
It’s tempting to leave the security of your organisation’s laptops to the IT department. But they need help from elsewhere too. One tip is to set up a security committee involving key managers and IT where you can create a set of security policies that are both reasonable and enforceable. This will help reinforce the need for staff to be careful with company property.