In my last article my laptop had died a spectacular death from a full cup of coffee. I had to send it into the IBM depot, where they replaced nearly everything but the battery. Including the hard drive.

My files were all properly backed up, and I was even able to retrieve the few files I had worked on that day by connecting the drive to another computer. So when the service depot called and said they wanted to replace the drive, I said go ahead.

Now, from a security point of view, the rule of thumb is to destroy all data on hard drives before passing them on. However, if your computer gets stolen you may not get the opportunity. Let’s take a closer look about what you can do, why and how.

If you have financial files that include account numbers, or store passwords on your computer, you definitely want to have protection for them

Who cares if someone gets my hard drive?

You may not care. Many people don’t. In this day of identity theft, however, being too cavalier about your data may be foolhardy. While there are plenty of other ways that misanthropes have found to hijack your identity, getting financial details off your computer is one of the easy ways, if they get hold of your hard drive. There are basically three reasons to protect data on computers that could be stolen, in increasing levels of paranoia:

1. Because you might get sued or go out of business if the information falls into the wrong hands
2. To prevent identity fraud or theft
3. To protect your privacy

In my business, I work with a lot of different clients. For some of them, I have signed a confidentiality agreement, agreeing not to reveal any of their internal product or business lines. If my laptop were to be stolen with confidential material on it, I could be held liable. This type of information absolutely must be protected.

If you have financial files that include account numbers, or store passwords on your computer, you definitely want to have protection for them. Any geek with a computer could find this stuff on your hard drive, and if the temptation is great, and their ethics loose, they might put your information to misuse.

Even your non-confidential stuff—email, letters, and spreadsheets—may be enough for someone to impersonate you and get credit in your name, or assume your identity when they commit a crime.

What should I pay attention to?

Okay. Let’s not get too alarmist here. There are risks involved with setting foot outdoors. In my house, there can be risks involved without going outdoors. Worrying about the security of your data should not keep you up at night—if it does, I highly recommend you stop reading right now, unplug your computer, run it over with your car, hack it up with an axe, and move to a teepee in Manitoba. I hear there’s plenty of deer running around up there, and with our climate changes, there should be some good farming up there soon.

But if you’re determined to stay online, just take a moment to think about the kind of data you have on your computers. The same data I considered in my disaster recovery article, and before that, in my password strategy article. Do you have any data you absolutely don’t want to have fall in the wrong hands?

Don’t bother with email—it has already gone unencrypted through that filthy, spy-infested internet. But do pay attention to your financial records, and especially to any files you’ve copied (securely, I hope!) from any company file share. If you’re responsible for keeping any of that secret, you’d better not leave it unencrypted on a laptop hard drive, especially not in public places.

For all of the employees out there carrying laptops owned by your employer, you can relax—it’s the job of your IT department to make sure their data is properly secured, not yours. But if you have client data, you could be held responsible if it falls into a competitor’s hands.

Encryption to the rescue

Luckily, there are some very secure ways to protect your data, using one of a few different types of encryption. I’m not going to get into detail about how encryption works, or what varieties are out there. But I am going to look at three different systems that can be used to encrypt data on your hard drive. They vary based on who can decrypt the data, where you can apply the different encryption types, and how automatic the whole process is.

A general rule of thumb is that increasing security directly hampers convenience. On certain systems, however, encryption has been made very easy to do

A general rule of thumb is that increasing security directly hampers convenience. On certain systems, however, encryption has been made very easy to do.

Windows Encrypted File System

This is one area where Microsoft gets it right, with their “Encrypted File System,” or EFS. EFS comes with Windows XP Professional, but not XP Home. If you have XP Pro, and your hard drive is in NTFS format, you can encrypt any file or directory by following these steps:

1. In Windows Explorer, right-click the file or directory, and choose Properties .
2. Click the Advanced button.
3. Check the Encrypt checkbox, and click OK.

That’s it. Whatever you have encrypted, is now completely secure, even if your hard drive is stolen—unless the attacker guesses your password. EFS works by using strong encryption to hide the data, and then it uses a certificate associated with your login to protect the key. If you log in using another user account, or try to read the files from Linux, you won’t be able to get to them.

The downside is, if your administrator resets your password, you lose all access to the encrypted files because the certificate is deleted. It’s possible to create a recovery disk before you reset your password, but otherwise you’re hosed. Another drawback is that you can’t back up an EFS file or directory while it’s encrypted.

EFS works well for laptops, and I encourage you to turn it on for specific directories, to keep anything you store there safe should you lose control of your hard drive. This system depends upon having a strong log-in password, though, and disabling automatic logins.