Today, most businesses run on laptops. Business users are often targeted by malware. One question that every business owner has to answer is how secure the laptops within their organization really are. According to CSO Online, every business should take laptop security seriously, even when endpoint security is present. Moreover, because attackers are very diligent, they always know how to exploit a device and its weak spots. And laptops are known to be vulnerable – from bloatware to gaping vulnerabilities (like the ones in Lenovo).
There are some new techniques and products that can help improve laptop security for every user, be it home or business. Let’s have a look at them.
Technique Number One: Kill Switch
Kill switch is a feature already present in Purism Librem 13 laptops. This is what the vendor says about the kill switch:
Now with a physical toggle switch, when your camera and microphone are switched off, you know they are off. Wireless and Bluetooth are combined in a second hardware switch to control all your radio signals inbound and outbound.
Hardware kill switches are becoming more popular. How do they work, though? Basically, when you activate a kill switch, it cuts the power to a specific component. In the case of a laptop, being able to control the camera and the microphone is essential, as both hackers and the government can easily exploit them for spying on you.
Technique Number Two: Microsoft Windows Hello
Windows Hello is the next step towards the diminishment of password use. It is a new way to sign in to your devices, apps, online services, and networks. It’s more secure than using a password, because it uses “biometric authentication”—you sign in with your face, iris, or fingerprint (or a PIN), Microsoft says.
Windows Hello is a more personal way to sign in to your Windows 10 devices with just a look or a touch. You’ll get enterprise-grade security without having to type in a password.
More vendors like Dell and Lenovo and including this authentication in new models. The infrared camera that scans the user’s face and grants access is quite difficult to hack. It can be built into the laptop and is there by default in Windows 10, and it’s optional. It’s up to users to decide whether they want to use the feature or not. Microsoft also reassures that “Windows never stores pictures or images of your face, iris, or fingerprint on your device or anywhere else“.
Technique Number Three: USB Two-Factor Authentication
Have you ever considered using USB two-factor authentication? There’s hardware for that, like the YubiKey:
A YubiKey is a small hardware device that offers two-factor authentication with a simple touch of a button. YubiKeys are built strong enough for the largest enterprises, while remaining simple enough for anyone to use. The YubiKey NEO offers both contact (USB) and contactless (NFC, MIFARE) communications. YubiKeys support FIDO U2F, Yubico-OTP, OATH-OTP, OATH-HOTP, OATH-TOTP, OpenPGP, and PIV, and one security key can support an unlimited number of applications without the need for drivers, client software, or batteries.
Gmail actually provides 2FA through such a USB. If you decide to use one, you can only gain access to your email if the key is present in the USB drive! Why should you consider employing this solution? Email is one the most exploited attack vectors, it’s basically a gateway to your personal information, banking details, social media profiles, and in many cases, your files.
Ronnie Manning, a YubiKey spokesperson, says that yubikeys are “crushproof, waterproof and require no drivers or battery“.
Which of these techniques would you consider applying on your laptop?