In addition to encrypting the hard disk (which should be the primary answer), you can also minimize exposure by relying more on resources stored elsewhere. Use cloud storage, or connect to a VPN for files stored at your workplace, rather than saving them directly on the device. A remote desktop services environment is also very good for this.
This reduced data loss exposure from device theft is one reason (among several) businesses have been so willing to move to cloud environments. I also know of at least one large business that is transitioning to Chromebooks for this reason. They still have a primarily Windows environment where the Chromebooks just connect to RDS for everything. Suddenly a lost device is much less of a big deal for them; it's only $200 to replace the device and there's no significant data breach risk.
You can also get remote management tools for laptops that will do lockouts and even encrypt or destroy data after the fact, but these are much less robust. It's too easy to just remove a hard drive from a laptop and plug it in as a guest in a different system. Then the lockout tool never runs and you can exfiltrate whatever data you want.
13encrypt the whole partition – Ipor Sircer – 2017-12-04T10:38:31.367
3Assuming your laptop does not contain the latest nuclear war details then encrypting the hard drive should be sufficient enough to deter people from getting into your files because it is much easier to just reformat and re-install Windows in the eyes of the thief. – MonkeyZeus – 2017-12-04T13:22:04.577
Use Large Capacity Thumb Drives? Expensive but portable. Can't get data off of your laptop... if the data isn't on your laptop.
– WernerCD – 2017-12-04T14:18:07.903@WernerCD Portable HDD (and I mean the truly portable ones, not the one requiring a power outlet) are a lot cheaper and can be about as big as normal HDD. Probably a better alternative. – None – 2017-12-04T18:28:28.533
Esentially, there is not much you can do if someone has physical access and knows what they are doing. However, the consensus in the security world is ENCRYPTION WORKS. Heed the encryption advice and learn how to implement it properly. I do not use encryption but I personally just just minimize my mobile data profile. Data is available mobily, but the data is not primarily, if at all, stored on the mobile device. The more important it is, the less it is available mobily, not even cloud in some cases. We use both a personal (e.g. Resilio Sync) cloud and hosted (e.g. Dropbox) cloud. – Damon – 2017-12-04T19:07:02.350
Encrypt with two layers. One at boot filesystem level and one OS level for your user. If you are feeling really paranoid add a few extra layers with truecrypt or similar software. But just make damn sure you know all passwords reeeally well. – mathreadler – 2017-12-04T21:42:44.493
@Mast yeah, my link was thumb drives - and a 1TB USB HDD/SDD is going to cost less than a than a 1TB thumb drive. A USB Samsung SSD 500gb is only 200. I was thinking 500gb thumb drives but should have considered the bigger but only slightly less portable versions that aren't an arm and a leg for 500gb+.
– WernerCD – 2017-12-05T13:04:13.930