If your computer is lost or stolen, then you can prevent the person who finds or steals it from accessing any of your files and other data. The bad news is that you can only do that if you took preventative measures before the loss. Furthermore, the tools you can use to remotely wipe an SSD or hard drive require a sacrifice of some privacy and security. If you aren’t already making those sacrifices, you may decide that encrypting the drive or partition that contains your important content is a better preventative strategy than being able to erase all files from it. This article describes and explains these options.
What is remote wiping?
“Wiping” means erasing all files from a drive. Data recovery services may be able to restore some or all of the deleted content, but they cost hundreds of dollars and would not be used by an ordinary thief.
To perform remote wiping (or remote locking), you do not need to be in the same location as the person who is in possession of your missing computer. However, your missing computer must be booted and connected to the internet.
Privacy, security, and financial costs
All of the tools that enable remote wiping require that you have your location turned on in Windows. When you install Windows or get a new computer, location is turned on by default. It is only likely to be off if you or the person who set up your computer made that change.
To check, open PC Settings. Click Privacy. Click Location under App permissions in the left-hand pane. Unless all the settings are off, Microsoft and your web browser(s) know where your computer is.
Many of the tools that enable remote access require that you have a Microsoft account. If you are using the Home version of Windows 10 or 11, you were required to set up a Microsoft account. You also have one if you:
- Subscribe to Office 365,
- Use Office 2013 or a newer version of Office,
- Acquired free or commercial software from the Microsoft store,
- Use any of Microsoft’s online services (e.g. Outlook.com, Xbox Live),
- Succumbed to Microsoft’s plea to start a Microsoft account when you set up your computer, or
- Recently installed Windows 11 Pro. In February 2022, Microsoft announced that a Microsoft account would be necessary to complete the installation. That requirement was apparently immediately implemented.
If your computer’s location is already turned on and you already have a Microsoft account, you do not need to make any additional privacy or security sacrifices to enable remote drive wiping. Broadcasting a computer’s location and having a Microsoft account do have a security benefit. If your computer is lost or stolen and is subsequently connected to the internet, Microsoft can help you find it and lock it (see below).
Dedicated and multi-function commercial programs can be used to remotely wipe a drive. Some are sold, and some are only available by subscription. Most are enterprise-oriented and not cheap for home users.
An alternative called Prey (see below) can be free with a catch. The catch is that you must pay for a subscription to be able to remotely wipe a drive. However, the Free version will let you remotely lock a drive. Prey Personal, the next step up, costs $5/month ($60/year) for three devices. You can remotely wipe a drive with Prey Personal.
Spearstone’s DriveStrike is only $2/month. It can do remote wiping and locking. A free trial is available, although you must register for it. Comparitech has not reviewed DriveStrike yet, but user reviews are encouraging.
If the missing computer is an employer-owned or issued laptop, your employer very possibly already has or subscribes to software that can remotely wipe a drive.
Your system administrator may be using Mobile Device Management (MDM) software or endpoint management software. Both cybersecurity tools enable remote monitoring and control of devices used by employees.
MDM software is used for laptops, smartphones, and tablets. That includes employee-owned devices when the employer has a bring-your-own-device (BYOD) policy that allows employees to use their devices for work and store company information on their devices.
Endpoint management software is a more comprehensive tool. It works with every device connected to the company network, including servers and desktop computers.
With the popularity of BYOD and the increased incidence of employees working at home since the early stages of the pandemic, even fairly small businesses need some control over all the devices that are used for the benefit of the business. No employer wants a former employee to be in possession of a device that contains proprietary information, confidential information, a customer database, a price schedule, etc. For that reason, MDM and endpoint management software is capable of remotely wiping all types of devices. Many programs can just erase company information while preserving employees’ personal content on devices they own.
To learn more about these cybersecurity management tools, read our articles, “11 Best Mobile Device Management (MDM) Solutions for 2022,” “Unified Endpoint Management: Guide & UEM Tools,” and “The Ultimate Guide to BYOD Solutions & Software for 2022.” These comprehensive guides explain what the tools are, how they work, and which tools are the best.
If you are an employee and you used your now missing personal laptop for work, check with your IT system administrator to see if the company’s software can be used to wipe the laptop.
Find and lock a missing Windows computer
If your location is turned on in Windows, and you have a Microsoft account, Microsoft can locate your computer and give you the opportunity to lock it. This capability must be turned on in Windows. To do that:
- Open PC Settings.
- Click Update & Security.
- Click Find my device in the left-hand pane.
- See if Find my device is turned on. If it is, you’re set. If not, follow the instructions to change it.
With Find my device turned on, you can secure your files and data and notify the police if the computer is stolen. This works with desktop PCs and laptops.
When your computer is missing, you can go online with another device to learn the current physical location of your computer and protect it… if it is connected to the internet. To do that:
- Sign in to your Microsoft account on this page.
- Choose the Find My Device tab.
- Choose your computer by name.
- Select Find. You will get a map that shows where your computer is.
- To remotely lock your computer, choose Lock.
- Click next.
After your computer is locked, Microsoft gives you the option of resetting your password. That gives even greater security, especially if the thief knows or can guess your password.
Although this method won’t wipe your drive, it does make everything on it inaccessible. It is the cheapest and easiest solution. Even better, it may give the police an opportunity to recover your laptop. If they do, you have the advantage of still having all your files.
How to remotely wipe or lock a laptop with Prey
The Free version of Prey is essentially an alternative to Microsoft’s “Find my device.” To use Prey, you must have your location turned on in the Windows settings, but you do not have to have a Microsoft account. An additional benefit of Prey is that versions are also available for macOS, Linux, Android, and iOS. You could cover multiple types of devices with it.
To use Prey, download the appropriate version for your operating system (32-bit or 64-bit). Install the software. Follow these steps:
- Let the Windows User Account Control accept the installation file.
- Accept the license agreement.
- Note that the default installation location, “C:\Windows\Prey,” is unusual, as most programs install into a program files folder. Prey installation is buggy, and you may experience problems, so assume Prey has a reason for this and stick with the default location.
- You’ll see that (online) setup is required. Click Finish to open the setup website.
- Complete the registration.
- Groan and complete the captcha.
- Wait for the connection to Prey’s servers.
- Prey will send you an email message.
- Open the message and click on the link to activate your account.
- You’ll see a large blue space, which is a blank map. You will see three vertical tabs at the far left of the screen. The Devices tab is open and showing an icon for your computer. Click on the icon.
- That action brings you to a screen that shows where your computer is. In the example, you see UNKNOWN LOCATION because Location is turned off in Windows. Assuming you turned Location on before installation, you should see your actual location.
- You have completed setup, but you can choose from the options in the other two tabs if you wish. You can also install the program on other devices and view all of them on this screen. You are allowed to use three devices with the Free version.
Observe the capabilities of the program. Under your computer icon is a large red button labeled SET DEVICE TO MISSING. If you need to return to Prey because your computer is missing, you would click that button. If your missing computer is not connected to the internet, Prey is not going to be able to help you. Check back often.
If Prey finds your missing computer, you can choose from the actions under Device Control on the right side of this screen. You’ll see that the Data Security options are only available with the Pro version of the program. They could not be used with the Free or $5/month Prey Personal versions.
The most valuable tool in the Free version is Lock Device. That tool will prevent the possessor of your computer from accessing anything on it. The map you would see on this screen is also useful. If you can pinpoint the location of your computer, you can send a screenshot to the police in that jurisdiction. They may be able to recover your computer. Prey locating the predator is probably the greatest value of this software/service.
What if a thief wipes your computer?
None of the tools described above will protect your data if a thief wipes your computer and installs a fresh version of Windows. You can use one or two strategies to prevent that.
The first is to protect your computer’s UEFI (BIOS) with a password. How to do this will vary depending on the brand and model of your computer or motherboard and the BIOS. The BIOS is low-level firmware that runs before Windows and starts loading it. You can often enter the BIOS by pressing the Delete key or F2 after rebooting, but check your computer or motherboard manual.
You should find security settings in the BIOS. It may be in the main menu. You can set an administrator password or a user password. The instructions should be on the password setup screen. BIOS password protection may prevent a thief from wiping your computer.
A BIOS password is not the same thing as a Windows password. A BIOS password requirement will halt your computer before the startup procedure. The BIOS is programmable firmware on a chip on your motherboard. The Windows password prompt occurs at the end of the boot process.
If you use a BIOS password or a Windows password, sophisticated thieves can hack it. That makes the second strategy, drive encryption, more effective.
Protecting devices with full disk encryption
Encryption scrambles data into an encoded form, and decryption decodes it again. The encoded data is gibberish that cannot be read or translated by anyone without a password or key. The common standard for encryption is called AES-256. Weaker and stronger methods of encryption also exist.
You can encrypt one or more drives or partitions on a computer. A typical business laptop would only have one solid-state drive (SSD) with no partitions.
You do not need to buy any software to encrypt a drive(s). You may be able to use BitLocker in your version of Windows. BitLocker is part of the Windows 10 and 11 Pro, Enterprise, and Education versions, but even if you have it, you may not be able to use it.
Microsoft explains, “For BitLocker to use the system integrity check provided by a Trusted Platform Module (TPM), the computer must have TPM 1.2 or later. If your computer does not have a TPM, enabling BitLocker requires that you save a startup key on a removable device, such as a USB flash drive.”
TPM is security hardware. TPM 2.0 is required for Windows 11, so you know you have it if your computer is running Windows 11. If your computer is more than six years old, it probably has an earlier version of TPM.
BitLocker is not included in the Home versions of Windows 10 or 11. The Home versions have Windows Device Encryption, which is also not available on all systems.
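The edition and TPM conditions described above can be checked from an elevated PowerShell prompt. The script below is an added example, not part of the original article; the function name Get-EncryptionOption is hypothetical, and the script only reads settings.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article). Read-only: it changes no settings.

function Get-EncryptionOption {
    # Hypothetical helper: maps edition + TPM version to the options the article lists.
    param([string]$Edition, [string]$TpmSpecVersion)

    # BitLocker ships with Pro, Enterprise and Education, not Home.
    if ($Edition -notmatch 'Pro|Enterprise|Education') {
        return 'No BitLocker: look for Windows Device Encryption or use a third-party tool (e.g. VeraCrypt)'
    }
    # Win32_Tpm.SpecVersion looks like "2.0, 0, 1.38"; the first field is the TPM version.
    $first   = ($TpmSpecVersion -split ',')[0].Trim()
    $version = $first -as [version]      # $null if empty or not a version string
    if ($version -and $version -ge [version]'1.2') {
        return "BitLocker with TPM $first system integrity check"
    }
    return 'BitLocker without a usable TPM: startup key on a removable device (USB flash drive) required'
}

$edition = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption
$tpm     = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
$option  = Get-EncryptionOption -Edition $edition -TpmSpecVersion $tpm.SpecVersion

# Current state of the system drive, if the BitLocker cmdlets exist on this edition.
$volume = $null
if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    $volume = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
}

[pscustomobject]@{
    Edition          = $edition
    TpmSpecVersion   = if ($tpm)    { $tpm.SpecVersion }        else { 'no TPM found' }
    AvailableOption  = $option
    VolumeStatus     = if ($volume) { $volume.VolumeStatus }     else { 'unknown' }
    ProtectionStatus = if ($volume) { $volume.ProtectionStatus } else { 'unknown' }
    KeyProtectors    = if ($volume) { $volume.KeyProtector.KeyProtectorType -join ', ' } else { '' }
} | Format-List
```

A ProtectionStatus of Off on a volume that reports FullyEncrypted means the key is stored unprotected on the drive, so the data is not yet protected against someone who has the laptop.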
If you are getting a headache from these confusing requirements and limitations, you can use a third-party encryption program instead. See our article, Encryption Resources: A Big List of Tools and Guides. In our article, Best Disk Encryption Software – the 5 top tools to secure your data, Paul Bischoff chooses VeraCrypt as the best program. VeraCrypt is a free, open-source disk encryption program that runs on all operating systems. VeraCrypt’s beginner’s tutorial has illustrated instructions. It takes you through 19 steps, which is more cumbersome than BitLocker and also more technical.
Are remote wiping or locking capabilities and full disk encryption worthwhile?
The answer to this question depends on your other cybersecurity practices and how much you have to lose if your computer is stolen. Comedian Woody Allen said, “Just because you’re paranoid doesn’t mean they aren’t out to get you.” Cyber thieves are out to get you. Companies in the protection business aren’t the only ones who say that; law enforcement and other government officials are among the unbiased experts who acknowledge and often experience the threats.
If you use your computer for work, at least one of these preventative strategies is probably essential unless your employer already has the capability of protecting its information. If your computer only contains personal files and information, weigh the considerations raised in the rest of this article.
Passwords are a nuisance. They are also a risk because if you lose, forget, or can’t access the password for an encrypted drive, you are locked out.
If you have lax, lazy, or uninformed cybersecurity behaviors, your need for one or more of these strategies is much greater. Risky practices include:
- letting your browser remember usernames and passwords for secure sites, such as financial institutions or healthcare providers;
- letting your browser remember usernames and passwords for online email services;
- bookmarking porn sites, illegal gambling sites, illegal file-sharing sites, or sites that you would rather not have anyone know you visit;
- not protecting confidential business documents with passwords or encryption;
- not cleaning browser cache;
- storing tax returns on your computer;
- having your Social Security number anywhere on your computer;
- saving and not protecting embarrassing photos; and
- letting your browser remember usernames and passwords for social media sites.
The above list is not comprehensive. A thief in possession of your computer can harm you in many ways, especially if the thief is someone you know. These are some of the possibilities:
- Identity theft. All a thief needs is your name, address, phone number, email address, and Social Security number; most of that is on your résumé.
- Financial theft. If a thief can get into your bank, credit union, or brokerage accounts, they can transfer money elsewhere.
- Blackmail. If a thief finds anything illegal or embarrassing, he or she can cause you great personal and possibly professional harm.
Some of your files have financial value, such as media you have purchased. Other files are priceless, such as family photos. If you have everything backed up, your loss is limited to the computer itself. Replacement of a computer is often covered by homeowner or renter insurance policies.
Remote wiping capability, remote locking capability, and full disk encryption are also forms of insurance. Insurance costs time and money. However, if you already have a Microsoft account and have your computer’s location turned on, the minute you will spend turning on Find my device is highly worthwhile.