- Created: Monday, 11 April 2022
- Written by Tim Nicholls
For many years businesses have been increasing the security of their devices, by creating password policies, then making the password requirements more complex and latterly adding multi-factor authentication into the mix.
This has led many organisations to assume that, because they have enforced a fiendishly complex password policy together with the use of an MFA app, the data is inaccessible to the thief or finder in the event that a device is lost or stolen.
If an attacker has physical access to a device, it is quite easy to bypass the password protection and access the data on the device. However, there is a solution that is built in to most modern devices but requires configuring - Device Encryption.
When device encryption is enabled, the storage unit in the device is encrypted with a strong cryptographic algorithm and a special recovery key is generated. If there is an attempt to bypass the security on the device, perhaps by removing the storage media and putting it in another computer, the attacker won’t be able to access it without that recovery key. On a Windows computer this is called BitLocker and on a Mac it is called FileVault.
That makes the recovery key itself very important, and it needs to be stored securely. If there is a change to the device, the user may be prompted to enter the recovery key when starting the device up. Lose the key and the device is unusable; the only option is to reformat the storage device and start from a clean fresh installation. For a business managing a fleet of devices, making sure that encryption is enabled and that the recovery keys are stored in a safe location is essential.
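The check below is an added example, not code from the article or from telanova: for each volume it reports whether BitLocker has fully encrypted the data, whether protection is actually active, and whether a recovery password protector exists. `Get-BitLockerVolume` is the built-in Windows cmdlet and needs an elevated session; the helper name `Get-EncryptionFinding` and the sample volumes are constructed for illustration.

```powershell
# Added example: per-volume check that encryption is on, active, and recoverable.
function Get-EncryptionFinding {   # hypothetical helper name
    param([Parameter(Mandatory, ValueFromPipeline)] $Volume)
    process {
        $issues = @()
        if ($Volume.VolumeStatus -ne 'FullyEncrypted') {
            $issues += "not fully encrypted ($($Volume.VolumeStatus))"
        }
        # Encrypted but protection Off means BitLocker is suspended: the volume
        # key is stored in the clear, so a removed drive can still be read.
        if ($Volume.ProtectionStatus -ne 'On') {
            $issues += 'protection off or suspended'
        }
        # Only the protector type is inspected; the recovery password itself
        # is never written to the output.
        $types = @($Volume.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        if ($types -notcontains 'RecoveryPassword') {
            $issues += 'no recovery password protector'
        }
        [pscustomobject]@{
            MountPoint = $Volume.MountPoint
            Compliant  = ($issues.Count -eq 0)
            Issues     = $issues -join '; '
        }
    }
}

if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    $volumes = Get-BitLockerVolume            # real data; run elevated
} else {
    # Constructed sample volumes so the logic can be exercised off-Windows.
    $tpm = [pscustomobject]@{ KeyProtectorType = 'Tpm' }
    $rec = [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' }
    $volumes = @(
        [pscustomobject]@{ MountPoint = 'C:'; VolumeStatus = 'FullyEncrypted'
                           ProtectionStatus = 'On';  KeyProtector = @($tpm, $rec) }
        [pscustomobject]@{ MountPoint = 'D:'; VolumeStatus = 'FullyEncrypted'
                           ProtectionStatus = 'Off'; KeyProtector = @($tpm) }
        [pscustomobject]@{ MountPoint = 'E:'; VolumeStatus = 'FullyDecrypted'
                           ProtectionStatus = 'Off'; KeyProtector = @() }
    )
}
$volumes | Get-EncryptionFinding | Format-Table -AutoSize
```

This confirms only that a recovery password exists on the device; where that key is kept has to be verified in whatever system holds the stored keys.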
At telanova we enable laptop encryption for our customers, monitor the status, and ensure that the recovery keys are kept separate and secure. Some customers have security requirements that mean desktops need encryption, too, especially if they are located in areas where the public have access, such as showrooms. Furthermore, we ensure that our customers’ data is securely backed up to the cloud, so that should the unthinkable happen, their data is protected.