ate. Remember, this is in relation to portable media only – encrypted e-mail and other central security policies (such as anti-virus, firewalls and passwords) should be controlled centrally and form part of a layered approach to information security.
What can be used? Products are relatively cheap and simple to manage. There is some inevitable capital expenditure required, though this is likely to be fairly low. With a little effort, you can have a compliant, inexpensive, non-intrusive and completely scalable solution for mobile media security.
There are many encryption products on the market but we would suggest the chose product is:
- FIPS 140-2 compliant – ensures that the product meets the required standard of encryption levels.
- Present on the Treasury Solicitor’s guidance list, as agreed with the Bar Council.
- Centrally managed, meaning the encryption, decryption and storage of encryption keys is secure and backed up
Remote track and wipe
In addition to the pre-boot authentication products, it is possible to install an agent (that cannot be removed) in the BIOS of a laptop that enables the scheme administrator to:
Send a remote ‘lock’ command to the laptop.
Send a remote message to the laptop to display on the screen to encourage its return.
Track the laptop using wireless triangulation and geotechnology.
Create rules to alert you, for example, when a laptop leaves a geographical boundary, or when the operating system is reinstalled.
Send a remote wipe command and even receive a log of the files that have been deleted as the hard drive is purged
With your laptops safely encrypted and the ability to remote wipe, the last major data leak via portable media is from USB drives. The simple solution is to purchase hardware encrypted USB drives. The managed version of the devices can also be remotely wiped if lost or stolen. In the case of chambers, a stock of encrypted USB drives could be held centrally, ready for use as and when the data controller deems necessary.
Matt Torrens is a director legal IT company SproutIT
Tags: data protection