How to Buy a Secure Business Laptop

How to buy a secure business laptop

The best secure business laptops ensure private data remains private using a combination of hardware, software, physical connections and cutting-edge technology. Follow these steps to make this purchase for your business:

1. Consider your needs. What data does your company need to protect? What laptop features will best help you accomplish these goals?
2. Research the options. Spend time researching devices that meet your needs via online merchants and in person at computer stores. Look up reviews of the products on consumer websites to see how users feel about the devices.
3. Test the equipment. If possible, ask the laptop provider or manufacturer for a demo of the laptop and its features. Use this opportunity to ask questions about using the device and address any concerns you have about its protection features.
4. Purchase and implement the device. Once you’ve settled on the laptop, purchase the number of devices necessary for your company. Consider whether all employees need a secure laptop and train those workers on the security features. [Related article: Why You Shouldn’t Cheap Out on Business Laptops]

Key attributes of secure business laptops

Poor access management leads to the majority of cyberattacks. The security features to shop for are: biometrics, smart card reader, encryption, lock slot and secure management.

Biometrics

Biometric security features let you keep your laptop locked down using your own body. These options are more secure than even the strongest password you can create, as they can’t be guessed. Today’s biometric systems come in two main varieties: fingerprint scanners and facial-recognition cameras.

• Fingerprint scanner: The most common tool for biometric authentication is a built-in fingerprint scanner, allowing you to log in to your laptop with your finger. This is usually incorporated into either the trackpad or the power button, though third-party scanners can also be bought and plugged into a USB socket.
• Facial recognition: This type of biometric authentication is being used everywhere, including device unlocking and targeted facial recognition advertising. Tests show this technology is more accurate than a fingerprint scanner because the 3D sensor can’t be fooled by a flat reproduction. Many non-Apple devices rely on Microsoft’s Windows Hello service, which is biometric technology used on most of its Surface laptops, and third-party products from ASUS, HP, Razer and Dell.

Smart card reader

A smart card reader is a strong alternative to both traditional passwords and biometric authentication. To log in to a protected laptop, users must insert a physical security card, then enter a PIN. From there, the smart card communicates wirelessly with the laptop to log you in.

Smart card readers are generally available only on business laptops, including an array of Dell, Lenovo, HP and ASUS machines. If they’re not installed as a standard feature, a modest upgrade costing less than $20 may be enough to add a card reader to your preferred device. Alternatively, external smart card readers pair with your PC via USB port.

Smart cards are typically used in enterprise scenarios, where a large company provides laptops to its employees. However, it is possible to order your own smart card by applying for one online.

Encryption

Encryption keeps data on a laptop safe by making it unreadable for anyone who lacks the password required to decode it. It’s important to encrypt your data even if a login password screen protects your computer, since that line of defense will be useless if someone steals your laptop. The hard drive can simply be plugged into another PC to access any stored data. 

Advanced users can encrypt their files using third-party software, but Microsoft’s BitLocker service is a good option for the average worker using a Windows laptop. It encrypts your files by working with a special chip, called a Trusted Platform Module, attached to some laptop motherboards. Here’s what you’ll need to access BitLocker. 

• Windows Professional: BitLocker is only available on the pricier Pro, Enterprise and Education versions of Microsoft’s Windows 10 and 11 operating systems. This full-volume encryption platform uses Advanced Encryption Standard (AES) encryption on each sector of a hard disk drive. 
• Trusted Platform Module (TPM): This blocks thieves and attackers from accessing data unless they have access to a special password, which is partially stored on your computer’s internal drive and partially stored on the TPM itself – a form of two-factor authentication. Since each TPM chip has built-in tamper protection, a thief can’t place the drive on another motherboard to bypass the encryption. 

You don’t have to be tech-savvy to use a TPM; if your computer comes with one, it will automatically encrypt your data. If you ever need to access the full password to recover your files, you can view it inside your BitLocker vault, which is available after logging in to your Microsoft account. Read our small business guide to computer encryption for more information.

Lock slot

Securing your data is essential, but so is preventing a device from falling into the wrong hands. Many business laptops come with a special metal hole called a Kensington lock slot, which lets you physically chain your system to your desk with a cable. Like bike locks, the cable can only be removed once a four-digit combination code is entered or a key is used. The cables themselves are typically carbon steel wrapped in cut-resistant plastic, requiring a saw and a great deal of effort for a thief to slice through. 

Secure management

Secure management technology is mandatory for employers who are responsible for keeping company systems up to date. It enables business owners to track, locate or wipe those systems if they’re lost or stolen. Countless third-party desktop management suites can meet the needs of your business, providing unified endpoint management for laptops, phones and tablets.

An example of remote management is the Intel VPro range of hardware features. It can run software and group policy updates even when a system is turned off, which is helpful whether you need to locate the system, restrict access to it or wipe it clean if it’s been lost or stolen. [Learn the top ways to share files securely.]

Why you need a secure business laptop

Don’t be one of the businesses with lax cybersecurity. As a business owner, you are responsible for confidential data about your company, employees and customers. It is vital to keep this information safe – otherwise, you may face financial, reputational and practical consequences as the result of violating legislation or a data breach. A secure business laptop – for yourself and your staff – is one of the best ways to protect your company’s data. Be sure also to read how to mitigate the costs of a small business data breach and follow these quick cybersecurity tips.

Brett Nuckles contributed to the writing and research in this article.