Your laptop data is not safe. So fix it.

The largest single type of security breach is the stolen or lost laptop, according to the Open Security Foundation, yet these computers are among the least protected of all IT assets. The costs of a data breach can be huge, including the loss of trade secrets, marketing plans, and other competitive information that could have long-term business damage, plus the immediate costs of having to notify people if their personal information was possibly at risk from the breach. Particularly in a recession, enterprise management can't afford to take these risks lightly.

There is a way for IT to protect those laptops and the confidential information they contain: encryption. Without the combination of password security and encryption, any halfway-competent hacker has no problem siphoning hard drive contents and putting it to nefarious use.

[ Stay up to date on key security issues and solutions in InfoWorld's Security Adviser blog. | Keep abreast of the latest mobile developments in the Mobile Pulse blog. ]

Perhaps the most important advantage of full disk encryption, though -- beyond the peace of mind it gives your business's lawyers -- is the "safe harbor" immunity that accrues under many data privacy regulations. For example, credit card disclosure rules don't apply to encrypted data, and even California's strict data-disclosure statute makes an exception for encrypted records -- provided you can prove they're encrypted. That's trivial with full disk encryption but not so easy with partial encryption techniques, which depend on user education for safe operation.

A key challenge for IT in deploying encryption on its laptops is the sheer number of encryption options available. Some Windows Vista editions, as well as the forthcoming Windows 7, support Microsoft's built-in BitLocker encryption, and numerous third-party encryption products cover the range of mobile operating systems from XP through Windows 7, Linux, and Mac OS X. Encryption granularity is widely variable as well, ranging from protecting individual files to encrypting virtual disks to deploying fully armored, hardware-based full disk encryption. Prices range from free to moderately expensive.

If you've put off laptop data security due to perceived technical shortcomings or high costs, you need to take another look at the field -- before you lose another laptop.

The maximum encryption protection possible: TPM

Ideally, you'll deploy the full-metal-jacket approach to laptop data protection: full disk encryption using the Trusted Platform Module (TPM) technology. If you can afford the cost, waste no time with inferior methods. All you need is a laptop containing a TPM security coprocessor and, optionally, an encryption-enabled hard drive from one of the major hard drive manufacturers.