Revised: 14 December 2008
Added: 26 February 2004
The w4mp website is grateful to the Serjeant at Arms Department for providing this security guide. It was first distributed in December 2003. Any queries should be pursued through the contacts mentioned below.
There has been a spate of laptop security scandals in the news in recent years, many involving government departments and the loss of highly sensitive personal data of thousands of members of the public. If you use a laptop for work, losing it or getting it stolen could compromise the confidentiality of your own work and of your constituents’ personal details.
The information below provides a number of laptop theft prevention “best practices”, which should be adopted to reduce the risk of theft of IT equipment and associated data, from public and other vulnerable areas both within the parliamentary estate and whilst working remotely.
Please remember that it is not just the inconvenience to the user and the cost of replacement which must be considered; more importantly, all the information contained on the machine, both business and personal, may be available to an unauthorised individual.
If you require clarification of any of the recommendations, please contact the Crime Prevention Officer or the IT Security Officer, via the Palace main switchboard: 0207 219 3000
Use of Laptops and other portable IT equipment:
Due to the risk of loss or theft of portable IT equipment, such as laptops and Personal Digital Assistants (PDAs), all users are recommended to adopt the following security best practices. Portable IT equipment is, by its very nature, compact and easy to transport; therefore, if the proper controls are not implemented, such items are susceptible to theft. Do not forget, it is not just the physical item that could be stolen, but all of your Parliamentary and personal data. The IT equipment itself can be fairly easily replaced, but if you have not taken a recent back up of your data, it is extremely unlikely this will be recoverable.
Best Practices to reduce the risk of data loss or unauthorised data access:
- Take regular data back ups; do not forget to test a restore periodically
- Do not keep your data back ups near the IT equipment. If the laptop is stolen or destroyed in a fire, the back up would be destroyed too!
- Choose a strong password that is easy for you to remember but hard for others to guess.
- Do not share this password and do not write it down
- Use a security cable at all times to reduce the risk of laptop theft
- Ensure portable IT equipment is included in the asset register
- Property mark the equipment overtly or covertly
- Only use a standard screensaver
- Use a power on password
- Consider installing disc and/or email encryption software. If someone should get your laptop and gain access to your files, encryption can give you another layer of protection. With Windows XP and Windows Vista you can choose to encrypt files and folders. Then, even if someone gains access to an important file, they can’t decrypt it and see your information.
- Lock your screen when leaving your desk, even for a few minutes (Ctrl/Alt/Del)
- Log off correctly, power off and lock your laptop away at the end of the working day
Whilst travelling or working remotely from the Parliamentary Estate:
- Ensure that when using your IT equipment in a public place, the contents of the screen cannot be overlooked, and the information on it obtained, by an unauthorised individual. If this is difficult, consider investing in a screen guard; these guards help prevent people from peeking over your shoulder if you do have to work on sensitive information in public. This is especially helpful when you’re travelling or need to work in a crowded area.
- Carry your portable IT equipment in an anonymous bag/case
- Ensure you regularly update your anti-virus software; there are approximately 500 new viruses appearing each month
- Do not bypass your anti-virus software; it is there for your protection
- Ensure your personal firewall is active prior to using the Internet
- Do not load unauthorised or unlicensed software
- Do not leave the equipment unattended in a motor vehicle, not even locked in the boot!
- When in a hotel or conference centre, use a security cable to secure the device or leave it in a secure room provided by the establishment
- Avoid taking your laptop “to the pub”, but if you cannot make alternative arrangements, when visiting restaurants, cafes or bars, or waiting at stations or airports, ensure you keep your laptop in close proximity and in sight at all times
- You should not allow any unauthorised person, even a family member, unobserved use of the laptop. Doing so will increase the risk of Parliamentary and personal information being copied, altered or even deleted, perhaps in error.
- Avoid the risk of liquids being spilt into the laptop; this could cause a major problem with data recovery
- Do not use or locate your laptop near an open, ground floor window