Many organizations and individuals have started to adopt basic security measures such as requiring stronger passwords, implementing two-factor authentication, and managing access control. But it’s common to forget about protection for worst case scenarios. One major oversight is what happens if someone loses their laptop or a computer gets stolen.
If the right safeguards aren’t in place, attackers could end up with all of the data on the device – personal secrets, intellectual property, financial information, valuable company data, sensitive client details and more.
This poses a huge risk for both individuals and organizations. One solution is to set up remote wiping on devices. This allows administrators to delete data even if the computer has been lost or stolen (although there are some limitations). Another useful safety measure is to implement full disk encryption so that the thief cannot access any data on the laptop unless they also manage to steal the key.
Each of these techniques can be more complicated than they seem at first, and they each come with their own pros and cons. Because of this, there are certain use cases where one option is better than the other, or both mechanisms can be combined if the threat level is high enough.
What is remote wiping?
Remote wiping makes it possible to delete data from a laptop or computer without having to be in front of the device. It’s a critical feature that both individuals and companies should consider implementing on all computers that contain sensitive or valuable data.
It needs to be set up beforehand, but if remote wiping capabilities are enabled, the owner can erase the data and prevent the attacker from stealing the information or using the data to launch further cyber attacks. This can make remote wipes a valuable tool for preventing data breaches.
If you already understand the importance of remote wiping and other security mechanisms like full disk encryption, check out the following sections to learn how to set them up. If you still aren’t quite sure what kind of attacks they could prevent, skip ahead to the Why should you enable remote wiping or full disk encryption? section to see what damage can occur when these measures aren’t in place.
How to Remote Wipe a Laptop
A variety of programs can remotely wipe a PC. In this tutorial, we will be using Prey, because it’s open source and you don’t have to pay to set it up, although if a device does get stolen and you decide to wipe it, you will need to pay for the pro subscription at that stage. It’s important to note that Prey needs to be set up ahead of time – once a laptop has already been lost or stolen, it’s too late to install any remote wiping software.
Before your device is lost or stolen
To get started, head to Prey’s download page and select the appropriate version for your PC or device. In this tutorial, we will be using the Windows 64-bit version. Once you have clicked on your download, hit Save File in the dialogue box that appears:
Once the file has finished downloading, open it to run the setup wizard. When you reach the welcome screen, click Next, followed by I Agree when the license agreement pops up. In the next screen, either select which destination folder you would like Prey to be installed in, or leave it as the default option. Click Install.
When the wizard finishes the installation, make sure that you mark the checkbox to launch Prey, then click Finish. This will bring up the following page in your web browser:
Assuming that this is your first time setting up Prey, click NEW USER, then enter your name, email address and password in the entry fields that appear. Click the box in the reCAPTCHA to prove that you aren’t a robot, as well as the checkboxes to indicate that you are over 16 years old and have read the terms and conditions. Click the blue SIGN UP button below them.
This will launch Prey’s control panel, which will show your device’s last known location:
Note that in this screenshot, the map has been moved to the middle of the ocean for privacy reasons. Normally, it will show your area with a box that notes your last known location.
Once Prey is up and running, it offers a number of features such as location services, remote locking and remote wiping, which you can use as necessary.
After a device has been lost or stolen
Let’s say that tragedy has struck, and your laptop has been either lost or stolen. The one saving grace is that you had the foresight to install a remote wiping tool like Prey to limit any potential damage. The first step is to go to the Prey website, enter your details and log in:
Once you have logged in, click on the missing device. It will show when it was last connected to the internet and where it was located. If you are lucky enough to have been robbed by a bumbling thief, they will have gone online, revealing the location of the device.
You can then use this information to track down the computer or hand it to the police to help them with their investigation. The location data is also helpful in cases where a device has simply been lost – if it’s still connected to the internet. Prey’s control panel makes it much easier to find.
If the device has been stolen, it’s important to restrict the thief’s access to the computer’s files. In the right-hand column, there are several different options:
If you wish to remote wipe the device and permanently delete the files, click Remote Wipe at the bottom of the column. Unfortunately, this feature is not available on the free plan, so you will need to subscribe to Prey Pro in order to wipe the device.
If you haven’t already signed up to Prey Pro and you really need to remote wipe the computer, click Upgrade Your Plan in the popup and follow the links to wipe your device. This will delete the data on the computer, as long as it is still connected to the internet.
If you would like to set up remote wiping in case of theft but don’t want to sign up to Prey Pro, there are a range of other software alternatives. Both Microsoft 365 and Microsoft Enterprise Mobility + Security, come with Intune, which can be set up ahead of time so that you can remote wipe any lost or stolen devices. Other companies such as Absolute and Meraki also provide remote wiping solutions.
Limitations of remote wiping
Remote wiping seems like the perfect solution for keeping data safe in worst-case scenarios, but its uses are actually more limited than you may think. One significant issue is the lag in time between a potential theft and the remote wipe. Another problem is that the device needs to be connected to the internet for a remote wipe to work.
The time between the theft and the wipe
When things are stolen, we often don’t notice straight away. It can be hours, days or even weeks before we realize that our computer has been stolen. This lag time is critical, because it may only take minutes for a cunning thief to access data from a stolen laptop.
Even in the rare case that you witness your laptop being stolen and can race to log in and remote wipe the computer, it’s possible for the thief to access the data before you. In less favorable circumstances, they may have had days to trawl through the files and access everything they desire. Unfortunately, remote wipes can’t do anything to stop a thief that accessed the data before the wipe was conducted.
The device needs to be online
Another limitation of remote wiping is that a stolen device needs to be online for it to work. Any thief that knows what they are doing will keep the laptop offline for exactly these reasons – they don’t want the device to be tracked, or for the data to be wiped. This means that you may never get a chance to use the remote wipe functionality that you put so much effort into setting up.
If the device is connected to the internet after the theft, then it’s likely that the thief is an amateur, or just stealing the laptop itself to sell. In these cases, it’s unlikely that they are targeting the computer’s data, so a remote wipe may not be necessary.
Does the data actually get deleted?
There is a lot of conjecture over whether or not data is recoverable once it has been wiped or deleted. Whether or not it is possible will depend on a number of factors, including how the drive was wiped, whether it’s a modern drive or an old one, a solid-state drive or a hard disk drive, and just how sophisticated the attacker is.
According to a study from 2008, in most circumstances, a single wipe with the appropriate software will be enough to prevent the data from getting into the attacker’s hands. However, if you are dealing with a well-resourced adversary and an older drive or a solid-state drive, there is a possibility that they may be able to recover the data after it has been wiped.
Protecting stolen devices with full disk encryption
In some situations, remote wipes aren’t effective or feasible to protect a lost or stolen laptop. In many cases, full disk encryption can be a better alternative, or it can be used to complement remote wipe capabilities.
When a computer’s disk is fully encrypted, it means that all of the disk’s data has been locked down with cryptographic software or hardware. This prevents unauthorized access. When full-disk encryption is used, the data can only be accessed by users who have the key. Otherwise, the data remains unusable as ciphertext.
Full disk encryption is an excellent method for protecting data, especially if a device is lost or stolen. Even if a device ends up in the wrong hands, would-be thieves can’t access the data unless they also have the key.
This approach can be advantageous over remote wiping because there is no window of opportunity for the criminals in between the time of the theft and the time that the remote wipe takes place.
Another major benefit is that the device doesn’t need to be connected to the internet in order to keep the thief from accessing the data. While the data is still technically on the computer, the encryption makes it inaccessible without the key – there is no need for an internet connection to lock down or delete data from the device because it is already locked down by default.
The easiest way to implement full disk encryption in Windows 10 is with BitLocker, although it is only available for Windows Pro, Enterprise and Education users. If you’re on Windows 10 Home, Bitlocker is not available. The following tutorial also requires your computer to have a Trusted Platform Module (TPM) chip, although there are ways that you can set up Bitlocker without one.
If BitLocker is not an option for you, you could try VeraCrypt, which is a free and open-source full-disk encryption program. Some users prefer it over BitLocker, because it allows anyone to inspect the code, and the organization behind VeraCrypt is not beholden to a major company like Microsoft.
Setting up full disk encryption with BitLocker
The first step is to sign in to Windows with an administrator account. Once you have logged in as an administrator, go to the Control Panel, then select BitLocker Drive Encryption:
Click Turn on BitLocker. The BitLocker wizard will start to run, scanning your computer to make sure it has a TPM chip and meets the other requirements. If system changes are required, the BitLocker wizard will recommend any necessary steps.
Once Bitlocker is ready, it will prompt you for either a USB key or a password. For most users, a password will be the most practical option.
It’s important to note that even the best encryption tools are easily undermined by weak passwords. If you use a short and simple password, or the same one for each of your accounts, you can’t expect your encrypted disk to be very secure. Check out our guide about creating and managing strong passwords to learn how can you improve your security or use our password generator.
Enter your strong password, then enter it again in the following field to confirm that you have typed it in correctly. You will then be led to the following screen for key recovery options:
These are the choices that Microsoft offers in case you forget or lose your key. It’s best to avoid Save to your Microsoft account because email isn’t very secure. The better options are either:
- Save to a file – You can save the key on a USB that you use solely for this purpose. Put it in a safe or hide it carefully, and don’t connect the USB to your computer unless you need to recover the key.
- Print the recovery key – You can keep a backup of your key by printing it, then carefully hiding the page in your home.
In the following screen, you will be asked how much of your drive you want to encrypt. Encrypt used disk space only is best for new computers or drives. If it’s a drive that is already in use, you are better off selecting Encrypt entire drive so that the whole drive is encrypted.
You can then choose your encryption mode. Since we are using BitLocker to encrypt a computer’s hard drive in this example, click on New encryption mode, which is aimed at fixed rather than external hard drives.
Once you have gone through all of these stages, BitLocker will ask you to restart your computer for a system check. When it boots, you will be prompted to enter your BitLocker password before you can access the drive.
You will be asked, “Are you ready to encrypt this drive?”. Click on Continue and the disk encryption process will begin. It can take anywhere from a few minutes up to a few days, depending on how much data needs to be encrypted.
Once the drive has been encrypted, the only way you will be able to unlock it and access the files is by entering the password that you set up earlier. This is why it is so important to store the password carefully.
Not only might you forget the password and need to be able to access your backup copy, but you also need to keep it hidden, because anyone who comes across it has the potential to access all of your files.
The limitations of full disk encryption
As with most aspects of security, there are also some downsides that come with full disk encryption. One of the major weak points is that the encryption is only strong if good password practices are followed. If a hacker can find the password or crack it, then accessing the data is trivial.
This is an issue in many areas of information security, and it can be mitigated through practices such as:
- Using complex passwords.
- Using a unique password for each account.
- Using a password manager.
- Not leaving the password written down in easy to find locations.
- Social-engineering awareness and training.
The other major issue is that even the best methods of encryption don’t stay secure forever. The algorithms that we use involve a trade-off between security and usability. The more secure an algorithm is, the more time it takes to encrypt and decrypt, and the more computing power it uses.
For the sake of efficiency, we tend to implement encryption algorithms that are secure for the medium-term future. If we encrypted data with the intention of keeping it safe for the next century, it would require too much time and computing power for it to be usable.
Over time, our technology develops, processing power becomes cheaper and new cryptanalysis techniques are discovered. Algorithms that were considered secure in the past, such as DES, can now be decrypted by motivated and well-resourced adversaries. This means that any old data that was encrypted with DES can potentially be accessed.
At the moment, AES-256 is viewed as the gold standard for symmetric encryption. When it is implemented correctly, it is considered infeasible to crack, even for the most powerful organizations.
However, just like with DES, technology will improve over the coming decades and it will become more and more practical to circumvent AES. This means that data that is currently encrypted with AES will eventually be insecure, making it possible for our adversaries to access it.
Of course, much of the data that is currently considered sensitive or valuable will be completely worthless by that time. Despite this, some data will still retain its value, and in these long-term cases, wiping the drives is a more effective way to provide security for the future than full disk encryption.
While this scenario may seem paranoid, leaked NSA documents imply that the organization can keep certain encrypted data until it finds a way to crack it. Sure, it’s not something that needs to be worried about for the threat level that most individuals and organizations face, but there are situations where future decryption potential needs to be considered.
Combining remote wiping with full disk encryption
There are many scenarios where either remote wiping or full disk encryption will be sufficient to protect the data. In situations where data is incredibly valuable and is anticipated to retain its value for decades, it may be best to combine both mechanisms.
If both full disk encryption and remote wiping are set up, a thief will not be able to access the data straight after the initial theft (unless they have already acquired the password – again, the chances of this occurring can be reduced by adopting good password management practices).
If the device gets connected to the internet, then it can also be wiped remotely to prevent future access to the data. This provides further protection in case the password is ever discovered, or new techniques are developed to circumvent the encryption in the future.
Of course, the device would still need to be connected to the internet for the remote wipe to work, but at the very least, combining these two approaches gives administrators extra layers of protection. It also means the attackers have more opportunities to make a mistake.
Why should you enable remote wiping or full disk encryption?
When remote wiping hasn’t been enabled and other safeguards aren’t in place, attackers may be able to access anything on the laptop or PC. From massive data breaches to IP theft, this oversight can have huge impacts on businesses and individuals.
These aren’t just theoretical attacks. There have been numerous past examples of stolen laptops or other devices leading to catastrophes. Some of them include:
Veterans Affairs data breach
One of the most damaging laptop-related data breaches occurred in 2006. An unencrypted laptop containing data from 26.5 million US veterans was stolen from the home of a data analyst.
The data included social security numbers, disability ratings and other personal details. In 2009, the Department of Veterans Affairs reached a settlement with those that were affected. The class-action lawsuit originally sought $1,000 for each person whose data was stolen, however, they ended up reaching an agreement for a total payout of just $20 million.
MD Anderson Cancer Center theft
Between 2012 and 2013, MD Anderson Cancer Center had a laptop and two USB drives stolen. The thefts included unencrypted data from 34,800 patients. Although there is no evidence that the personal data was accessed by unauthorized individuals, the Texan company was still fined $4.3 million in 2017.
The company appealed the decision from the Department of Health and Human Services, but the penalty was upheld by the presiding judge. Judge Steven Kessel rejected MD Anderson’s arguments, stating that the organization “…made only half-hearted and incomplete efforts at encryption over the ensuing years.”
The judge’s decision deemed that it was irrelevant whether or not the data had been accessed in an unauthorized manner. He ruled that the company had failed to protect the personal details from disclosure, making it liable.
Coplin Health Systems laptop theft
At the start of 2018, a West Virginian healthcare organization had one of its laptops stolen from an employee’s car. The laptop belonged to Coplin Health Systems and it was password-protected, however, the data wasn’t encrypted, nor was remote wiping enabled, which left open the possibility that the data from 43,000 patients could be accessed.
The patient information included health data, Social Security numbers and financial information. At this stage, there is no evidence that the data has been abused by hackers, but Coplin Health Systems was still required to notify those who were affected, as well as the Department of Health and Human Services’ Office for Civil Rights. This is because the laptop lacked the appropriate safeguards, and the theft still posed a risk to the patients and their data.
Stolen laptop from Eir
It’s not just the US were laptop theft is so rampant and damaging. Eir, the Irish telecommunications company, also had an employee’s laptop stolen in 2018. While the laptop was supposed to have been password protected and encrypted, a flawed security update from the day before the theft resulted in the laptop’s data being decrypted when it was stolen.
The flaw made it possible for the thief to access the data of 37,000 Eir customers. The data included names, email addresses, account numbers and phone numbers, however, the company said no financial data was at risk.
The company reported the incident to the Data Protection Commissioner as well as the affected customers. This incident shows just how vigilant companies need to be in protecting their data. While security flaws are an unfortunate reality, it’s possible that a remote wipe capability could have protected the data from unauthorized access.
Canadian Department of Health laptop theft
At the end of 2018, a laptop was stolen from a government employee in Canada. The unencrypted laptop was taken from a locked car, and it contained health information concerning close to 40,000 individuals from the Northwest Territories.
Between emails and files, the laptop contained some extremely sensitive health information, including records on “…HPV vaccinations, C. difficile (colon infections), pap smears, whooping cough, blood tests for tuberculosis, sexually transmitted infections and antibiotic-resistant diseases, among others.”
On top of the health data, the laptop also contained personal details that could be used for identity theft and other crimes. The device was apparently left unencrypted because it was a hybrid tablet and laptop that was not compatible with the IT department’s encryption software.
A laptop that is required to handle such sensitive information should never be released to an employee without the right protection measures, no matter how hard it is to encrypt. If it isn’t possible, then a secure device should be issued for the task instead.
Secret Service laptop theft
On the other side of the spectrum, in 2017 a Secret Service agent’s work laptop was stolen from a car in New York City. Despite the theft, the laptop contained appropriate security measures to mitigate any potential harm.
The Secret Service fully encrypts its employees’ laptops and doesn’t permit them to contain any classified information. They also have remote wipe capabilities to make the devices useless to any attackers. While it’s impossible to stop thefts from occurring, having a comprehensive cybersecurity policy in place can help to limit any damages that may occur.
Remote wiping and full disk encryption minimize risks
The incidents listed above show just how much damage can occur if organizations don’t take the time to secure their devices ahead of time. We have a tendency to underestimate the risks or imagine that certain scenarios will never happen to us – until it’s too late. The reality is that our laptops often contain highly valuable data and are a prime target for thieves.
Although it may seem like a hassle to set up remote wiping or full disk encryption on your computers, it’s a small price to pay compared to the huge costs that can come from data breaches.