Keep your private things private.
This presents quite the dilemma.
To answer your second question first: no. There’s no way to determine if your files have been viewed or copied.
As for protecting your data, there’s no guaranteed solution. I’ve even heard of companies electing not to repair a hard drive because doing so would expose sensitive data to repair technicians.
Your options are somewhat limited, but if you can plan ahead, there’s a chance of preserving security.
Become a Patron of Ask Leo! and go ad-free!
Securing a hard drive
Securing a hard drive from the eyes of a nosey repair technician can be difficult. The proper solution is to encrypt sensitive data separately from the operating system, but this must be done before repairs are needed. Without that, it all boils down to trust.
The problem is basic. Handing your computer — or even just its hard disk — to a technician for repair violates one of the fundamental principles of computer security: if ‘s not physically secure, it’s not secure. Period.
That’s true regardless of the reason. Handing your computer over to anyone is fundamentally not secure.
It all boils down to trust. In an ideal world, a trustworthy technician would work on your machine. In the real world, we’ve all heard stories of data being exposed or stolen by the folks performing repairs.1
So what to do?
Plan ahead with encryption
The only secure solution is to encrypt your hard drive or the sensitive data you store on it.
You might opt for whole-disk encryption. The problem is, the technician might still need access to the disk to fix your machine — meaning you’ll have to share the decryption key so they can boot the system. After doing so, they’ll have access to everything.
When your data is not “mounted” (the approach both of those tools use to access your encrypted data), your technician can work on your machine without being able to access your sensitive information.
Encryption ahead of time is nice if you’re willing to put in the effort just in case the machine might someday need to be sent to a technician.
For most people, I suspect it may not be worth the effort.
Unfortunately, there aren’t any last-minute solutions. You might want to encrypt before you send the machine off for repair, but if it’s so broken you can’t, then you’re stuck.
There’s one possibility: if the problem you’re having is not hard-disk related, one option might be to remove the hard disk while they work on your machine. Someone would need to provide a temporary hard disk so they can work on the machine, but at least that wouldn’t have your data on it. When you get the machine back, you replace your hard drive, and hopefully all would be well.
Sadly, most problems involve the hard disk one way or another. Be it an actual hard disk failure or software configuration, what’s on the hard disk is typically at the heart of any repair work.
Application password protection
Using an application’s own password protection is better than nothing. If your bookkeeping program, word processor, or some other program provides this layer of protection, use it.
Ultimately, however, application password protection isn’t the same as taking steps to secure a hard drive. It’s best to think of it as just “keeping honest people honest”.
Here are a few of the problems with using the password protection provided by many applications.
- Sometimes, a password doesn’t mean the data is encrypted; it simply prevents the application from opening the file without the proper password. The information in the file remains unencrypted and possibly visible.
- Sometimes, the encryption is “light”. By that, I mean the encryption is more properly called “obfuscation” to keep the data from being easily visible. To someone truly interested in cracking the file, it’s not much of a barrier.
- Sometimes, the encryption is incompetent. By that, I mean that there are bugs or poor decisions made in creating the software that make the encryption less than secure. Application authors are rarely security experts. The result is the file could be vulnerable to a hacker intent on breaking in.
Yes, it’s possible — probable, even — that with major applications the encryption is appropriately secure. It’s also unlikely that your technician is an expert hacker ready to crack reasonable encryption.
But, in either case, how do you know?
The bottom line is trust
Your options are few and inconvenient.
- If you can, encrypt sensitive data ahead of time. This also protects you should your computer ever be stolen.
- Investigate the password protection in your applications, and use it to secure your data.
- If you have sensitive data you know is unencrypted, vulnerable, or particularly sensitive, never give that machine to someone you don’t completely trust.
- If you can’t find someone to trust, then perhaps not repairing the system — or at least the hard drive — might be the most pragmatic solution of all.
Backing up can help
Naturally, I have to throw in a recommendation for backing up.
Backups sidestep this issue almost completely. If your hard drive dies, rather than having a technician fix it — and potentially access your data — replace it, and restore from your most recent backup. Destroy the broken drive for additional security if you like.
If the problem is not your hard drive, you could still remove or reformat it before sending it in for repair. Once the repair is complete, you would simply restore from backup. This doesn’t resolve software issues, where the technician requires access to the software on your machine, but it does provide an additional option for other hardware-related failures.
And like most of the solutions I’ve discussed, proper prior planning is required.
Consider encrypting your important data now, before you need to.
Then, learn more about security and safety each week by subscribing to Confident Computing! More confidence and less frustration — solutions, answers, and tips — in your inbox every week.
Footnotes & References
1: To be clear: it’s only a tiny percentage of repair folk responsible. The catch is knowing who’s trustworthy.