Recently, a small medical office posted a rudimentary breach notification informing the public that thieves had stolen a laptop from their office. They emphasized a couple of times not to worry because the Windows laptop needed a password to log into it. That’s great, but anybody with some computer skills can remove the hard drive, attach it to another computer as a secondary drive, and access it like a big thumb drive. The ability to do this comes in handy if your computer is not functional, you were not doing backups, and you need the data off it. Unfortunately, without laptop encryption, this also comes in handy for identity thieves who want to easily get data off it.
Enter the importance of Windows BitLocker for laptop encryption in your medical practice. The following information applies to desktops too, but let’s concentrate on the bigger risk: laptops being lost or stolen.
Encrypting the data on your practice’s laptops is easy with Windows 8 or 10 Pro. In File Explorer, you right click on the C: drive and left click “Manage BitLocker”. Choose to turn on BitLocker and go through the prompts. During this process, the prompts will ask you to save your recovery key. You can’t save it to the local drive, so I usually “print” to a PDF and then save that to a shared drive. You can physically print it out, but do not put it in the laptop bag because that defeats the purpose of securing the drive in the first place! Then, you need to reboot to start the drive encryption.
The recovery key comes into play if Windows detects a hardware change from the last time it was shut down. This is a security measure to prevent someone from trying to access data on the hard drive. But sometimes it’s a false positive where you innocently connected something to the computer between shutdown and startup.
One caveat is that your laptop needs to have something called a TPM (Trusted Platform Module). This involves a separate chip, but most business-class laptops have this. Don’t know if you have a business-class laptop? Well, I will leave that to another blog . . .
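To confirm a laptop really is protected after going through the prompts above, here is an added example (not part of the original post) that checks for the TPM, whether encryption has finished, and whether a recovery key exists. It uses the built-in Get-Tpm and Get-BitLockerVolume cmdlets; the function name Get-LaptopEncryptionReport and the report layout are made up for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: report TPM and BitLocker state for one drive.
# Get-LaptopEncryptionReport is a hypothetical helper name, not a Windows cmdlet.

function Get-LaptopEncryptionReport {
    param([string]$MountPoint = $env:SystemDrive)   # normally C:

    $findings = @()

    # The TPM caveat: is the chip there, and is it usable?
    $tpm = Get-Tpm
    if (-not $tpm.TpmPresent)   { $findings += 'No TPM detected' }
    elseif (-not $tpm.TpmReady) { $findings += 'TPM present but not ready for use' }

    $vol = Get-BitLockerVolume -MountPoint $MountPoint

    # Encryption only starts after the reboot and takes time to finish,
    # so a drive can be "turned on" but still partly readable.
    if ($vol.VolumeStatus -ne 'FullyEncrypted') {
        $findings += "Volume is $($vol.VolumeStatus), $($vol.EncryptionPercentage)% encrypted"
    }
    # Protection can be suspended (for example during firmware updates).
    if ($vol.ProtectionStatus -ne 'On') {
        $findings += 'BitLocker protection is off or suspended'
    }

    # Which key protectors are on the volume (Tpm, RecoveryPassword, ...)?
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    if ($types -notcontains 'RecoveryPassword') {
        $findings += 'No recovery password protector; a hardware-change lockout could not be recovered'
    }
    if (-not ($types -like 'Tpm*')) {
        $findings += 'No TPM-based protector on this volume'
    }

    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        Drive         = $MountPoint
        KeyProtectors = $types -join ', '
        Protected     = ($findings.Count -eq 0)
        Findings      = $findings
    }
}

Get-LaptopEncryptionReport | Format-List
```

Run it from an elevated PowerShell prompt; anything listed under Findings means the drive would not yet protect patient data if the laptop were stolen.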