Laptop Encryption Software: What Exactly Are You Protecting Against? Applying Some Thought.

Sometimes I read stories like the one below, and can only click my tongue tsk, tsk.  While data security doesn’t require a graduate degree, it does require some thought.  I often mention this when blogging about data encryption software, but sometimes it extends to security practices beyond encryption.

Grad Student’s Life in Ruins

A graduate student at the University of Calgary is living the post-graduate student’s nightmare after someone broke into his car and stole his laptop and backup external hard drive which contained his research, notes, and partially completed thesis:

Boldt has said that if he isn’t able to recover his work, he may have to drop out of school and is offering a cash reward for the return of his laptop. He told, “The computer can be replaced. It’s what’s on it that can’t. Even if they want to save everything on a hard drive and give me that, that’s fantastic.”

As a former grad student, I cannot help but sympathize.  I mean, losing all of your research?  In theory, it can be replicated.  In practice, it’s generally impossible: your research is not only what you’ve collected so far, but also what you have discarded.  Trying to remember all the different avenues that you took to establish your final resources would be extremely time-consuming.

Furthermore, if the student was not in the liberal arts, it means results from experiments are also gone.  Certainly, these can be run again.  However, whether he’ll obtain the same or similar results?  Impossible to say.  And, a thesis would have to be based on the new results, which could mean even more research branching into an entirely different direction.

At least when I was getting my graduate degree, a lot of it involved photocopied pages and data printouts, which tend not to be stolen.  Nowadays, chances are something would be “photocopied” to a digital file.

Backups: What are They For?

The only remedy to losing information, if you need to have it around?  Backups.  Prior to the internet and computer revolution, this meant lots of printed pages, written notes, manila folders, etc.  During the initial stages of the revolution, it meant an amalgam of both the above and backups to electronic media.  Today, post-revolution?

I’m not sure, since it’s been a while since academia, but based on my own work patterns, something tells me there’s very little tree pulp involved.  Hence the external backup drive our grad student was using to save his data.

Of course, it didn’t help him…but that’s only because he failed to consider all the ways his data was at risk.  Besides the risk of hard drive failures, these are the risks that I considered when I went into writing up my own thesis and conducting my research:

  • Natural disasters: floods, fires, etc.

  • Break-ins, muggings, and other forms of theft

  • General, unintended loss: leaving things behind in the bus, etc.

I also considered stuff such as EMP attacks (thanks, Golden Eye, for planting that idea in my head), but figured I’d have other things to worry about if such an event came to fruition.

After taking a hard look at what was probable and what was possible (or barely possible), I decided that I would have two backups.  One stayed in a locked drawer at the lab; the other I would leave at home.  The latest updates to in the laptop would be used to synchronize the data.  I considered mailing something out of state, but figured that was overkill.

Thankfully, nothing ever got stolen, so my backup measures were not necessary in hindsight.  In the event something did happen, though, I was pretty well covered.

How Does This Relate to Laptop Encryption?

Protection from data breaches also requires some forethought.  Granted, the use of encryption software will cut down on your data breach risk.  However, you also need to consider how the technology protects your data.  Otherwise, you might believe your protection covers more ground that it actually does.

For example, laptop encryption usually comes in the form of hard disk encryption.  In other words, the entire content of a hard drive is encrypted.   However, this protection does not extent to data copied off of the laptop.

If you copy files of an encrypted laptop to a USB flashdrive or e-mail an attachment with confidential information, chances are those files are not encrypted the moment they’re copied off the laptop.  If you assumed otherwise, you’re running into the same error in assumption our grad student made above: you’re not as well covered as you thought you are.

E-mail encryption or file encryption would be necessary to ensure continued data protection.

Related Articles and Sites:

Comments (0)

Let us know what you think