What you’ve presented is actually quite a dilemma.
To answer the second part first: no. There’s simply no way to determine if your files have been copied – at least not in any way that absolutely says they were copied with malicious intent.
The problem is, there’s really no fool-proof solution to your scenario. In fact, I’ve heard of companies occasionally electing not to repair a hard drive, because it meant that sensitive data might be visible to repair technicians.
Your options to secure a hard drive are limited, but if you can plan ahead, there’s a chance.
The problem is basic. Handing your computer to a technician for repair violates one of the fundamental principles of computer security: if ‘s not physically secure, it’s not secure. Period.
That’s actually true regardless of the reason. Handing your computer over to anyone is fundamentally not secure.
It really all boils down to trust. In an ideal world, you would have a totally trustworthy technician working on your machine. In the real world, we’ve all heard of data being stolen by folks with access to your machine.
So what to do?
Plan ahead with encryption
The only completely secure solution to safeguard a hard drive is to encrypt it, or the sensitive data you store on it.
Now, you might opt for whole-disk encryption, but the problem here is that the technician might still need access to it to fix your machine – meaning you’ll have to share the decryption keys so he or she can boot the system. After doing so, the tech will have access to everything.
When your data is not “mounted” (the approach both of those tools use to access your encrypted data), your technician can work on your machine without being able to access your sensitive information.
That type of encryption is nice if you’re willing to put the effort in ahead of time, and if it’s worth the hassle to protect the data just in case the machine might someday need to be sent to a technician.
For most people, I suspect it’s just not worth the effort.
Unfortunately, there aren’t really any last-minute solutions. You might want to encrypt before you send the machine off for repair, but if your machine is so broken that you can’t do that, then you’re stuck.
There’s one possibility: if the problem you’re having the technician look into is not hard-disk related, one option might be to remove the hard disk while he or she works on your machine. He or she (or you) would need to provide a temporary hard disk so he can work on your machine, but at least that wouldn’t have your data on it. When you get the machine back, you replace your hard drive, and hopefully all is well.
Unfortunately, most problems involve the hard disk at some point. Be it actual hard disk failures or software configuration, what’s on the hard disk is typically at the heart of any repair work.
Application password protection
Using an application’s own password protection is better than nothing. If your bookkeeping program, word processor, or some other program provides this layer of protection, you should probably use it.
Ultimately, however, application password protection isn’t the same as taking steps to secure a hard drive. It’s best to think of it as no more than “keeping honest people honest”.
The problems with using the password protection provided by many applications include:
- Sometimes, a password doesn’t mean the data is encrypted. It simply prevents the application from opening the file without the proper password, but the information in the data file remains unencrypted and potentially visible.
- Sometimes, the encryption is “light”. By that I mean that the encryption is perhaps more properly called “obfuscation” to keep the data from being so easily visible. To someone truly interested in cracking the file, it’s not much of a barrier at all.
- Sometimes, the encryption is wrong. By that I mean that there are simply bugs in the application, or poor decisions made by the designers, that make the encryption less than completely secure. Application authors are rarely security experts. The net result is that the file could be vulnerable to a hacker intent on breaking in.
Yes, it’s possible – probable, even – that with major, mature, applications the encryption is appropriately secure. It’s also unlikely that your technician is an expert hacker ready to crack half-way reasonable encryption.
But, in either case, how do you know?
The bottom line is trust
Your options are few and inconvenient.
- If you can, if you’re willing, encrypting sensitive data ahead of time makes sense in general. It also protects you should your computer ever be stolen.
- Investigating the security of the password protection of your applications is a good idea; if it’s good, using it to secure your data can help.
- If you have sensitive data that you know is unencrypted or vulnerable, then never give that machine to someone you don’t trust completely.
- If you can’t find someone to trust, then perhaps not repairing the system – or at least the hard drive – might be the most pragmatic solution of all.
Naturally, I have to throw in a recommendation for backing up.
Backups sidestep this issue completely in many (though not all) cases. If your hard drive dies, rather than having a technician fix it – and potentially access your data – replace it immediately and restore from your most recent backup. Destroy the broken drive for additional security if you like.
As I said, that doesn’t work for all situations – such as a motherboard failure1 – but it’s relatively quick and easy, and above all, secure.
But like most of the solutions we’ve discussed here, proper prior planning is required.