Keep your computer secure from hands-on access.
You can have the best security software. You can be the greatest at identifying and avoiding phishing and other attempts to trick you into downloading malware. You can have the greatest, strongest passwords, doubly secured with two-factor authentication….
… and it’s all for naught the moment someone else gets their hands on your machine. Let’s look at security options at home, out and about, and going over borders; the possibility of theft; and my suggestions for each of those scenarios.
Become a Patron of Ask Leo! and go ad-free!
Your computer's physical security
Protect your devices from a variety of physical threats.
- Encrypt your hard drive.
- Require a login to access the computer.
- Log out when stepping away.
- Keep your device with you whenever possible.
- Physically secure devices you need to leave somewhere.
And possibly take extra steps when travelling internationally.
The friends and family plan: at home
This scenario is familiar.
You feel safe at home, so you don’t bother locking your computer or taking other security precautions. It’s just you and people you trust, right? Whether it’s a spouse, roommate, or a good friend over for dinner, there doesn’t seem to be a reason to take special precautions.
That’s exactly how I roll. If you walk into my home, there’s a good chance you can walk into my office and start typing away at my desktop computer.
But I often hear from folks who shouldn’t have felt so secure.
Be it a friend pulling a prank by taking a photo with your phone, a soon-to-be ex taking revenge on your online accounts, or a child just wanting to play with your shiny toy, unlimited access to the technology you have lying around isn’t the most secure approach to take.
I’m fortunate in that I feel appropriately secure for my situation. What matters most is that I’ve thought about it rather than just assuming it’s ok or not giving it any thought at all.
Usually folks who run into problems fall into the latter camp: having given little or no thought to whether they consider their home (or workplace) “safe”.
I’ll just be a second: out and about
I began writing this article in a local Starbucks — a place most folks consider anything but a “secure” location. Using the coffee shop’s Wi-Fi through a VPN, I secured my internet connection, and my laptop never left my sight.
The gentleman next to me, on the other hand, was working on something and then … left. I didn’t check to see if he was just picking up a refill or making room for more, the fact was he walked away from his open and running laptop (and a few other belongings). He returned after a couple of minutes and resumed his work.
I know if you hang out at your local coffee shop or Wi-Fi-enabled eatery often enough, it can feel like home. But it’s not. You might assume that the other mobile techie nearby is a “friend” who’ll monitor your things for a few seconds, but that’s a terrible assumption. You might assume that as long as it’s within eyesight, nothing bad will happen.
There are so many ways this can go wrong.
The most common result is theft. But walking away, even for a few seconds, opens the door to everything that unfettered access to your device allows.
Inspect this: borders
Depending on where you live, where you’re going, and the current political climate, any devices you take with you crossing an international border may be subject to inspection. That inspection could require you to provide full access to the contents of the device.
This is actually quite controversial, particularly in the U.S., and there are arguments and assumptions on both sides of the issue. What’s important here is to realize that:
- This could happen
- It involves full access
- It’s subject to the laws of the country you are traveling to, which may be radically different from what you’re used to.
It may be something most people needn’t be too concerned about, but it’s important to be aware of and consider this possibility before traveling.
Thieves? Yeah, but…
Many people consider theft to be the biggest thing to worry about.
If your data isn’t backed up and would disappear along with your computer, that might be true. But if you’ve been backing up appropriately, theft is generally just an inconvenience and not a disaster.
It’s my belief that most burglary and opportunistic theft is all about the hardware, not the data stored on it. Most thieves simply aren’t that technically savvy and are more interested in turning a quick profit by selling the hardware. Unless someone has specifically targeted you, your data is probably not that interesting, and will probably never be noticed.
Of course, “probably” isn’t never. You should still take precautions. When someone steals your equipment, they have everything on it. Depending on their level of expertise (or that of the person they sell it to), and the preparations you’ve made (or haven’t), they could once again have access to everything.
I do take steps, some of which I’ll outline below; and should anything ever be stolen, I’ll be changing passwords, of course. It’s just not the first thing I think of when securing my equipment.
Steps to take
For physical security, there are a variety of steps you can take, but the most important is simply to keep it in mind.
Encrypt, encrypt, encrypt
I’m a big fan of whole-disk encryption. I use it not only on any laptops I travel with but also on my desktop computer.
Think of whole-disk encryption as password-protecting everything. Without the correct password (be it a real password or your system log-in credentials) the information on your hard disk is inaccessible. Whoever has physical access to it simply can’t get at anything. Period.
Particularly if theft is a genuine concern, such as when travelling, whole-disk encryption is the first step to keeping your information secure. Similarly, enable encryption on any mobile devices that support it.
Important: remember that if you can’t log in to your own machine (or forget the password) you cannot access the data contained on the disk. It’s critical you have a separate backup kept secure in some other fashion. Make sure also to take advantage of any backup options, like a recovery key offered by the encryption technology you use.
Yes, having to log in to your machine is an inconvenience. But by not having a login, you’ve made it trivial for anyone to walk up to your computer and access its contents, running or not.
Minimally, make sure a password is required to access your computer, and use a screen saver that also requires a password to regain access after some period of inactivity.
Similarly, make sure your mobile device has a PIN code.1 Configure an appropriate time-out after which the device requires the code to access the device’s contents.
For bonus points, consider getting into the habit of locking your computer or device when you walk away (keyboard shortcut: + L).
Take it with you when you pee
At the coffee shop, if I need to use the restroom, my laptop comes with me. I do not trust it away from my sight. Period. You wouldn’t leave your phone sitting there when you walk away; don’t leave your laptop either.
Honestly, even walking a couple of dozen feet away to get sweetener for my coffee makes me uncomfortable, even though the device is within eyesight.
This is true for any public place you take and use your devices, including airports, libraries, and schools. It even applies when at the home of your latest new acquaintance or friend of a friend. At a minimum, make sure the device is locked if you walk away.
Lock the doors
I hear fairly regularly from individuals who’ve had their information compromised by their roommates or roommates’ friends. In situations like this, one of the most common solutions is to lock your device.
Not with software (though that’s good too) — with hardware.
Get a lock for the room containing your computer, or find some form of physical security to prevent access or theft.
Make plans for travel
Travel can be complex, depending on where you’re going and what you need to take with you.
At one extreme, the Electronic Frontier Foundation has some ideas for individuals traveling internationally that could include traveling with only pristine devices that contain no sensitive data and relying on cloud access for the information you need.
At a more practical level, the single most important thing you can do is plan for your device(s) to be lost. Not only is losing a device when traveling frighteningly common, but preparing for the possibility also readies you for theft. Encrypting, backing up, logging out, and making a habit of all the items I’ve discussed above are key to traveling safely and keeping our digital lives secure.
There are times — intentionally or otherwise — where our devices will be out of our control and potentially even in someone else’s hands. It’s at those times, it’s important to remember the most basic rule of all:
If it’s not physically secure, it’s not secure.
Footnotes & References
1: I prefer PINs over biometric authentication such as face or fingerprint recognition. There may be scenarios where you can be compelled to provide biometric information but cannot be compelled to provide a PIN.