By now, we're all getting desensitised to horror stories about missing hard drives full of private information. When you hear that another 20,000 customers of a less-than-careful company are at risk of identity theft, you probably roll your eyes. And it's hard not to enjoy the irony when government officials entrusted with the security of the nation get caught out by something as simple as a forgotten laptop.
But why haven't they learned their lesson? And, perhaps more pertinently, why is such critical information being allowed to leave the premises or the (presumably secure) confines of the civil service network in the first place?
It's not an issue that's confined to large organisations, of course. In fact, in small companies, there's likely to be a more loosely applied IT policy with regards to the comings and goings of laptops, the copying of files to and from USB keys for convenience and other more haphazard methods for backing up and archiving documents.
Do people really need to take the entire output of their time employed with a company with them on each and every business trip? They almost certainly don't; nor should they be allowed to.
Many companies give their staff free rein to install whatever they like on their PCs. As a result, work PCs and laptops end up filled with photos, music and other non work-related items. Vying for space with all this clutter, there's generally some pretty important stuff - the sort of thing you don't want someone to casually acquire.
Having a policy that involves storing everything on a central server - and enforcing it - can help ensure files that shouldn't leave the office don't leave the office. But even small companies that lack such a structured setup can secure their data by backing it up to encrypted drives. Thankfully, such drives are now easy to come by, reasonably priced and simple to understand and set up.
In fact, as well as avoiding complex setup software, they can make things easier for your PC. Hardware-encrypted drives offer a performance boost over encryption that relies on software running on Windows.
Whereas encryption software asks the PC's processor to do the number-crunching, encrypted drives use special processors, built into their housing, that scramble data as it's written to disk. Models such as Seagate's Maxtor BlackArmor hardwire the chip into the hard-drive circuitry in what's called full-disk encryption.
Such drives are popular in corporate laptops, but it's a feature that is only now becoming widely available in external drives.
There's also a lot to be said for choosing a biometric or otherwise security-enabled laptop, of course, and many models from manufacturers such as Dell, Acer, HP and Toshiba can be configured with fingerprint readers built in. And if you're in the market for a storage drive that has Fort Knox-like security levels, you'll be reassured to learn that incremental backups shouldn't take noticeably longer than with a regular external drive.
Encryption is also far simpler with these devices: once you set one up and enter a PIN or password, you can copy data to the drive normally, via Windows Explorer or by saving a file to the disk within an application.
Some of the devices we tested allow you to enter the passcode by means of physical buttons or keys located on the exterior of the drive housing. Others require you to enter a password into a small Windows applet that launches when you connect the drive.
Secure hard drives: data access
Bear in mind that not all encrypted hard drives offer their custodial functions outside the Windows environment. Most will work as standard backup drives for Mac and Linux machines, but the encryption is generally written only for Windows. If you intend to use one or more non-Windows operating systems (OSes), consider the Amacom and Lenovo models, as each has a physical keypad.
As with all encrypted drives, the data on the platters (or, in the case of flash drives, on the memory chip) is unreadable to anyone who lacks the password or the physical key.
Even if someone tries removing the platters from the housing and scanning them with forensic data-recovery tools, the recorded bits will appear to be random, meaningless data, unlockable only with the right key.
Most encrypted drives use one of several standard, well-known algorithms. The most common is Advanced Encryption Standard (AES), which is favoured by the US government and the military. FIPS 140 is a very general US government encryption standard that ensures that products follow certain security protocols. Level 1, the lowest of four, simply means 'no glaring errors or omissions were present'.
Anything that uses 128- or 256bit AES is compliant with FIPS 140-2 Level 1. Less common are drives that use the older Digital Encryption Standard (DES), or its cousin, Triple-DES - both are significantly weaker algorithms, although they're effective protection against casual snoopers.
We evaluated a selection of models, including hard drives and flash drives. While the whisper-quiet Seagate Maxtor BlackArmor was our Best Buy, our overall impression of all the drives was positive. They were uniformly easy to install and fast at performing backups, which meant we wouldn't hesitate to use them for a more secure backup routine.
Regardless of which model you choose, if you inadvertently leave the drive behind on the train, you can be confident that whoever finds it won't be able to retrieve your secrets. That's assuming you haven't attached the password to the drive with a Post-It Note, or left the decryption key plugged into the back. These devices eliminate many security worries, but can't prevent careless behaviour.
Secure hard drive reviews Amacom Data Locker Pro review Apricorn Aegis Vault review Kingston DataTraveler Vault Privacy Edition review LaCie d2 Safe review Lenovo ThinkPad USB review SanDisk Cruzer Contour review Seagate Maxtor BlackArmor 320GB review