What can I do to protect my data on laptop if it were stolen?

There were similar question like How to secure a laptop against thieves.

But my question is different

I have family images, documents, some personal videos, etc (aound 500 GB).

I have backups. So even if my laptop were stolen I can get all my data.

But my data should not go to others. I have currently set a Windows password... But a thief can boot my laptop via Linux and then can access the files.

So what can I do to protect my data even if my laptop is stolen?

I am the Most Stupid Person

Posted 2017-12-04T10:37:24.803

Reputation: 293

13encrypt the whole partition – Ipor Sircer – 2017-12-04T10:38:31.367

3Assuming your laptop does not contain the latest nuclear war details then encrypting the hard drive should be sufficient enough to deter people from getting into your files because it is much easier to just reformat and re-install Windows in the eyes of the thief. – MonkeyZeus – 2017-12-04T13:22:04.577

Use Large Capacity Thumb Drives? Expensive but portable. Can't get data off of your laptop... if the data isn't on your laptop.

– WernerCD – 2017-12-04T14:18:07.903

@WernerCD Portable HDD (and I mean the truly portable ones, not the one requiring a power outlet) are a lot cheaper and can be about as big as normal HDD. Probably a better alternative. – None – 2017-12-04T18:28:28.533

Esentially, there is not much you can do if someone has physical access and knows what they are doing. However, the consensus in the security world is ENCRYPTION WORKS. Heed the encryption advice and learn how to implement it properly. I do not use encryption but I personally just just minimize my mobile data profile. Data is available mobily, but the data is not primarily, if at all, stored on the mobile device. The more important it is, the less it is available mobily, not even cloud in some cases. We use both a personal (e.g. Resilio Sync) cloud and hosted (e.g. Dropbox) cloud. – Damon – 2017-12-04T19:07:02.350

Encrypt with two layers. One at boot filesystem level and one OS level for your user. If you are feeling really paranoid add a few extra layers with truecrypt or similar software. But just make damn sure you know all passwords reeeally well. – mathreadler – 2017-12-04T21:42:44.493

@Mast yeah, my link was thumb drives - and a 1TB USB HDD/SDD is going to cost less than a than a 1TB thumb drive. A USB Samsung SSD 500gb is only 200. I was thinking 500gb thumb drives but should have considered the bigger but only slightly less portable versions that aren't an arm and a leg for 500gb+.

– WernerCD – 2017-12-05T13:04:13.930

Answers

Encrypt you hard disk.

On Windows you can do it using Bit Locker and on Linux there is also a native tool to encrypt the hard disk.

jcbermu

Posted 2017-12-04T10:37:24.803

Reputation: 15 868

Likewise on a mac it's a built in feature called FileVault - see https://support.apple.com/en-gb/HT204837 on how to enable it. IMHO it should be on by default on all systems these days.

– Ralph Bolton – 2017-12-04T12:17:18.157

5Also encrypt your backups, there's nothing more silly than an impenetrable computer with unencrypted backups all over the place. – zakinster – 2017-12-04T15:04:09.637

1Alternative freeware: VeraCrypt – Hans Janssen – 2017-12-04T15:40:33.843

4@zakinster Encrypting the laptop and encrypting the backups are two completely orthogonal solutions, to protect from different threats. – pipe – 2017-12-04T15:57:54.403

3@pipe when the backup is an HDD that lies in the front pocket of the laptop case or in the first drawer under the desktop computer, that may very well be a second attack vector for the very same threat. As for the solutions, most (BitLocker, FileVault, VeraCrypt, etc.) can handle both full disk and external backup encryption. – zakinster – 2017-12-04T16:07:38.373

2@zakinster that's not a backup.... that's an accident waiting to happen. That said, encrypting any copies of the data are a good idea however it's not within the scope of the question. – djsmiley2k TMW – 2017-12-04T16:37:48.620

2I don't encrypt my backups. I want those backups accessible, even if I've passed away, lost my memory, or the bits have rotted. The backup disks are under lock and key. Your threat model may vary from mine. – dotancohen – 2017-12-04T19:21:35.983

Isn't Bitlocker for Windows Pro versions only? Or am I thinking of folder encryption? – Reactgular – 2017-12-04T19:28:38.713

In addition to encrypting the hard disk (which should be the primary answer), you can also minimize exposure by relying more on resources stored elsewhere. Use cloud storage, or connect to a VPN for files stored at your workplace, rather than saving them directly on the device. A remote desktop services environment is also very good for this.

This reduced data loss exposure from device theft is one reason (among several) businesses have been so willing to move to cloud environments. I also know of at least one large business that is transitioning to Chromebooks for this reason. They still have a primarily Windows environment where the Chromebooks just connect to RDS for everything. Suddenly a lost device is much less of a big deal for them; it's only $200 to replace the device and there's no significant data breach risk.

You can also get remote management tools for laptops that will do lockouts and even encrypt or destroy data after the fact, but these are much less robust. It's too easy to just remove a hard drive from a laptop and plug it in as a guest in a different system. Then the lockout tool never runs and you can exfiltrate whatever data you want.

Joel Coehoorn

Posted 2017-12-04T10:37:24.803

Reputation: 26 787

1+1 for putting everything in cloud storage. The best way to protect your data in case of laptop theft is for it to not be stored on the laptop in the first place! – Eric Seastrand – 2017-12-04T20:20:05.227

1However, significant thought and design has to be put in to architecting safe, secure and legally compliant cloud storage for devices not storing data locally. There's been too many embarrassingly large breaches involving private datasets leaked out to the public recently that might never have happened in an offline storage scenario. – Chris Woods – 2017-12-04T20:55:07.083

1@Eric: what if the cloud service gets hacked? – mathreadler – 2017-12-04T21:55:39.807

The OP is worried about third parties getting access to his data, and your solution is to upload the data to a third party. – Jörg W Mittag – 2017-12-04T22:05:31.797

2@mathreadler While a real concern, and something that does happen, it actually happens a lot less often then laptops being stolen. Also, cloud is one option for not storing data on local laptops. I also mention RDS and VPN, which aren't exactly 3rd party. – Joel Coehoorn – 2017-12-04T22:28:57.460