24tips: 10 ways to secure your standalone laptops

14 Dec: let’s face it, government webbies need two machines. One for the secure work stuff, email, network connection and all that jazz, probably running a secure browser like Internet Explorer 6. And then a work machine, for doing actual internet work, running social media channels, editing video, connecting to FTP servers and liveblogging events. Quite a few teams now have this kind of setup.

While this makes life livable, it also poses a major information and reputation risk if any of these laptops are lost, stolen or cause a security breach on your network. This would be a Bad Thing, not just in itself, but in the potential media attention and the inevitable crackdown there would be on the use of non-standard laptops. So you owe it to everyone in government surviving on similar infrastructure to be smart in how you use the laptops, to make sure you avoid disaster.

Here’s ten ways to stay safe. Make sure your standalone users know them, and do spot checks on the machines themselves from time to time to make sure the rules are being followed:

1. Encrypt the hard disk: if you’re using a Mac, FileVault encryption comes as standard.
2. Use strong passwords, and document them: use a decent password for the machine, and leave a copy of it in a safe, written down.
3. Don’t keep sensitive draft documents, video snippets etc on the laptop: if you’re working with pre-publication drafts of documents, or editing video clips where ministers say potentially embarrassing things, don’t leave these on the laptop at the end of your work session. Delete and empty the trash.
4. Don’t leave yourself logged in to FTP servers, email accounts, YouTube/Flickr accounts etc: it’s slightly more annoying, but better for your own privacy as well as ensuring that you don’t risk people defacing your corporate channels if the laptop were to be lost.
5. For Windows laptops especially, check you have up to date anti-virus software: it’s common sense, and you’d do it at home. It would be silly to fall foul of that one, and your CIO won’t be impressed if you skipped this elementary step.
6. Keep the system and software updated: ensure that updates to software are applied when the machine prompts you to do so. You’re not on a locked-down, auto-updated corporate machine now!
7. No dodgy downloads and be careful of public wifi: obviously, don’t install pirate copies of software, and make sure users know that the same acceptable usage rules that apply to corporate machines apply to standalones. If you’re on public wifi outside the office, avoid making sensitive connections to unsecured FTP servers, because people steal things. A 3g connection might be marginally safer.
8. Be sensible when you carry them around: use a discreet case and take care of the laptops when you’re out and about
9. Mark the laptops with a ‘Property of [DEPARTMENT NAME]. If found, please call XXXX XXXXXXX’ sticky label: it won’t deter a thief, but if the laptop is found by a friendly soul, you stand more chance of getting it back.
10. Leave them securely in the office overnight unless you’re taking them on a work-related assignment or need to complete work out of the office: make sure the team know these are laptops provided for the team, not for personal use.