How to secure a laptop?

Many people are installing laptop-tracking software such as LoJack for Laptops, which can certainly aid in recovery. The problem is that by the time the system is recovered, sensitive information on the laptop could've been compromised.

The only truly secure solution (although still not 100% -- nothing is) to keep information from being compromised is to use a whole disk encryption technology such as PGP Whole Disk Encryption, Voltage Security SecureDisk, and SecurStar DriveCrypt Plus Pack. They're independent of the operating system and use much stronger encryption technologies and some can even be centrally managed reducing administrative burdens. Even if stolen computers are powered on, as long as the entire drive is encrypted and the screen is locked, the only option for the criminal is to reboot the system to try and get in. Once he does that, he'll be prompted for a passphrase to unlock the drive. As long as the passphrase to encrypt the drive is strong -- he's at a dead-end. Also, be on the lookout for BitLocker Drive Encryption in Windows Vista as well as the built-in encryption features in the new Seagate Momentus drives. These technologies seem promising as well.

Remember that policies enforced by technologies -- not just trusting users to do the right thing -- will keep sensitive information on your computers from being compromised. Sure, it's going to cost money (up front and ongoing) in both software licenses and operational costs. But that seems like a better alternative than losing credit card merchant privileges, explaining to one or more government regulatory bodies why your stolen systems weren't protected or having to notify every single person whose information is believed to be compromised.

Here are some final takeaways to keep your laptops and other stolen computers safe:

1. Look at your laptop vulnerabilities from a malicious-eye view and revisit this issue often.
2. Educate your users -- over and over again until it's ingrained in their minds -- that thoughts like "I'm just going to run into the grocery store real quick -- the laptop will be OK in the car" and "I just need to step into the restroom real fast -- others in the coffee shop will lookout for my stuff" are very dangerous and can end up getting a lot of people in trouble.
3. Ensure screens are getting locked via CTRL-ALT-DEL or a short screensaver timeout.
4. Configure Windows to require passwords to be entered upon return from hibernate, suspend or a screensaver time out.
5. Most importantly, use whole disk encryption with strong passphrases.

There's always the chance that your stolen systems will be sold, new software will be reloaded, and nothing bad will ever come of it. However, you've got to look at the worst-case scenario. Given that so much information is being stored in so many different places, without whole disk encryption in place combined with sensible password and screen-locking technologies, there's not really any way to be sure everything's protected at all times. That's a risk no savvy business person should ever be willing to take.