Information wants to be free, but you still need to protect it

If you are like me a lot of the information you use to do your job resides on your computer, most likely on a laptop. Lose your laptop (and by extension the raw materials of your craft) and doing your job becomes difficult, if not impossible, until you are able to gather it back up. Obviously, a good backup strategy is critical.

But the loss of the information not only hinders your ability to do your work, it potentially puts your information, your competitive advantage, in the hands of the “wrong” people. In How to Secure your Computer, Disk, and Portable Drives, security expert Bruce Schneier gives some advice on how to prevent this from happening:

Computer security is hard. Software, computer and network security are all ongoing battles between attacker and defender. And in many cases the attacker has an inherent advantage: He only has to find one network flaw, while the defender has to find and fix every flaw.

Cryptography is an exception. As long as you don’t write your own algorithm, secure encryption is easy. And the defender has an inherent mathematical advantage: Longer keys increase the amount of work the defender has to do linearly, while geometrically increasing the amount of work the attacker has to do.

Unfortunately, cryptography can’t solve most computer-security problems. The one problem cryptography can solve is the security of data when it’s not in use. Encrypting files, archives — even entire disks — is easy.

This is how I protect my laptop.

Schneier goes on to discuss just that, along with some useful information about why he does certain things, such as:

The reason you encrypt your entire disk, and not just key files, is so you don’t have to worry about swap files, temp files, hibernation files, erased files, browser cookies or whatever. You don’t need to enforce a complex policy about which files are important enough to be encrypted. And you have an easy answer to your boss or to the press if the computer is stolen: no problem; the laptop is encrypted.

If you’re serious about securing your laptop, and protecting your information, give this post (and the links from it) a long, hard read. If you’re serious about security in general, you should think about adding Schneier on Security to your feed list.

Leave a Reply

Your email address will not be published. Required fields are marked *