|
Information Security Tips Series |
||
|
0 Photo |
||
In the last two issues, we went through a few security reminders on the purchase, installation, setup, and day-to-day usage of laptops. In this last issue of the series, we cover the potential security loopholes that may be overlooked in the disposal, sale, lending and maintenance of laptops. Clearly, lack of care in this aspect is likely to result in data loss or information leakage. Disposing Laptop Computers
It is generally accepted that personal data and work-related sensitive information must be handled with due care to avoid information leakage. Therefore, when you dispose, sell an old computer, or throw away a used or defective storage media such as a hard disk or a floppy disk, are you sure nothing sensitive was left in that computer or storage media? Are you sure disposal or re-use of such storage media will not cause data privacy problems? In terms of data erasure, the ideal method is to remove the hard disk from the laptop and degauss it in a magnetic degausser. The downside is that the hard disk will no longer function after this process. Thus, degaussing is useful in situations where the hard disk is defective and cannot be sanitised by the method of overwriting. An alternative is to format the hard disk if it is impractical to degauss it. However, this method may not properly erase the previously written data in a storage media, as in theory the data can still be reconstructed with some sophisticated tools. Nowadays, a majority of laptop computers come with some sort of "System Recovery" options, which allow users to format and restore the system drive (i.e. C drive) to its factory state, thereby destroying all the data by taking a few simple steps. However, bear in mind that additional drives like D drive and E drive must be formatted manually. For those who plan to donate computers and hard disks to some recycling programmes organised by social welfare groups, we should find out whether the hard disks are subject to proper cleansing procedures such as degaussing or formatting, before they are reused in order to avoid inadvertent information leakage. In case you have to lend your laptop to someone else on a temporary basis or leave your computer behind for maintenance, it is suggested that you should delete or move all files containing personal and sensitive information. Alternatively, we may also encrypt or apply "open/edit" passwords to selected folders or files. Some computer maintenance shops will return the hard disk to their customers when they collect the computer for maintenance. Check with the staff there to find out more details. Further, do not forget to take out any mobile storage media, such as CD/DVD, flash memory cards and SIM cards from the laptop before disposal. Security Features of Tablet Computers
Apart from password login and support for standard network communication security protocols, some tablet computers offer more robust security features not commonly found on standard laptops, such as hardware-based data encryption similar to that of the encrypted USB thumb drives. Some tablets can be configured to erase all data stored on the device on repeated login failures. Other unique security features that promise to reduce the risk of accidental data leakage include remote device lock and remote data wipe out. Besides, the built-in Wifi and 3G location service may help to search your device in case it is lost. Nevertheless, tablet computers, like ordinary laptops, are still susceptible to malicious software, resulting in unauthorised information disclosure. Finally, please keep in mind that, according to the Force Information Security Manual, all privately owned computers, including laptops and tablets, should not be used for official purposes unless prior approval has been granted. |
||
| <<Back to Features>> <<Back to Top>> |