Security Features to Look for in New Laptops

This is a great time to invest in new notebooks. Windows 10, the long-awaited update to Windows 8.1, became available in late July 2015. And Windows 10 laptops, convertibles and detachables based on Intel’s 6^th-generation Skylake microarchitecture, which boosts device power and decreases power consumption, are now widely available as well.

In short: There are plenty of powerful, flexible, affordable mobile computers with long battery life to choose from.

The downside is that IT departments can get caught up in fast processors, low costs and cool new features when considering new business notebooks. As a result, they don’t make security the top priority it should be.

In a 2015 IDC survey of IT decision makers in five countries, performance was the most important feature that influenced a PC purchase, at 57.8 percent, followed by cost (57.4 percent), specs (28.8 percent), and in fourth place, security/network management (24.7 percent).

Meanwhile, enterprise IT is increasingly spending large sums of money adding security to laptops and other PCs once they’ve been acquired. In 2015, worldwide enterprises spent $4.5 billion on security software applications such as anti-malware, firewall and encryption, according to IDC. By comparison, enterprises spent $3.4 billion on endpoint security applications in 2010.

Why the disconnect, especially when many IT organizations are tasked with both securing the enterprise and keeping costs down? Simply put, some IT leaders continue to believe that adding software security to laptops after the purchase will be sufficient. Also, Windows Hello, a feature of Windows 10, provides additional options for authenticating users, such as fingerprint scans, facial recognition, or iris recognition.

But as cyber threats grow increasingly more intrusive and sophisticated, endpoint security that’s baked into mobile computer hardware and firmware may be the way to go. If you’re in the market for new mobile computers, look for business notebooks that include integrated hardware security features, such as:

* Preboot authentication. Unlike a Windows log-in password, some business-class mobile computers let users and administrators configure password protection in the system’s BIOS setup. The password is required immediately after powering on the laptop and before the OS boots, which helps protect against attacks that take advantage of a laptop’s ability to boot from a device that isn’t its primary storage drive.

* Hard drive password protection. Without local storage protection, hackers can remove an unprotected hard drive from a secure system and pop it into an unsecure system, thereby bypassing user authentication. Some business-class notebooks include hard drive password protection, in which the password is stored inside the drive itself and can’t be read; it can only be authenticated against.

* Self-encrypting drives (SEDs). Encryption is crucial to protecting data stored on a mobile computer, especially if it’s lost or stolen. Look for SEDs in business-class notebooks that encrypt data with either a 128-bit or 256-bit key. SEDs perform encryption much more quickly than software-based encryption, among other benefits.

* Secure data removal. Some business laptops offer BIOS-level data destruction tools, so that you can dispose of or redeploy the machine without inadvertently exposing sensitive data on its hard drive or SSD.

* Self-healing BIOS. Look for business-class notebooks with a self-healing BIOS that can automatically detect and recover from a corrupted or compromised boot block.

Remembering Where the Risks Are

When users leave the secure network perimeter, their mobile computers, and especially the data on them, can be vulnerable. Your best bet is to invest in laptops, convertibles, and detachables with advanced security built into their hardware and firmware—and, of course, with awesome new features, too.  

Underwritten by HP and Microsoft.