The best work laptop is one that can keep your private data private. Software, including antivirus protection, is important, but what hardware features will make you more secure? Here's a rundown of the security features to look for when buying a new business laptop.
Biometric security features let you keep your computer locked down using your own body. These features are generally more secure than a simple password, since they can't be guessed. Biometrics come in two main varieties: fingerprint scanners and facial-recognition cameras.
Fingerprint scanner: The most common tool for biometric authentication is a built-in fingerprint scanner, which can let you log on to your workstation with your finger. Look for a model with a single-touch sensor; older models often require you to slide your finger down over the fingerprint scanner, which doesn't work as reliably.
Facial recognition: This category of biometric authentication is relatively new, and only a handful of laptops are capable of doing it securely. Specifically, you'll want a system that comes with a built-in Intel RealSense 3D camera, which can log you in just by recognizing your face. Tests show that the technology is even more accurate and secure than a fingerprint sensor, since the 3D sensor can't be fooled by a flat reproduction.
Smart card reader
A smart card reader is strong alternative to both traditional passwords and biometric authentication. To log on to a protected system, users must insert a physical security card, then enter a PIN number. From there, the smart card communicates wirelessly with the laptop to log you in.
Smart card readers are generally available only on business-class laptops, and even then, they don't necessarily come standard. Many computers in Lenovo's ThinkPad line, as well as in Dell's Latitude line, can be upgraded at checkout to include a smart card reader for less than $20 extra. You can also pick up an external smart card reader, which pairs with your PC via USB.
Smart cards are typically used in enterprise scenarios, where a large company provides laptops to its employees. It is possible to order your own smart card by applying for one online, however.
Encryption keeps your data safe by making it unreadable for anyone who lacks the password to decode it. It's important to encrypt your data even if your computer is protected at login by a password screen, since that password screen will be rendered useless if someone steals your computer; at that point, your hard drive can simply be plugged into another PC and your data accessed directly.
Advanced users can encrypt their files using third-party software, but Microsoft's BitLocker service is by far the best option for the average worker on a Windows laptop. It encrypts your files by working in conjunction with a special chip, called a Trusted Platform Module, located inside your computer. Here's a quick breakdown.
Trusted Platform Module: A Trusted Platform Module, or TPM, is a special security chip that comes attached to some laptop motherboards and enables hardware-based encryption for your files. In other words, it blocks thieves and attackers from reading your personal data unless they have access to a special password, which is partially stored on your computer's internal drive and partially stored on the TPM itself. That way, no attacker can view your files by simply stealing your drive or by accessing it remotely. And since a TPM chip has built-in tamper protection, a thief can't place the drive on another motherboard to bypass the encryption.
You don't have to be tech savvy to use a TPM; if your computer comes with one on board, it will work automatically to encrypt your data. If you ever need to access the full password to recover your files, you can view it inside your BitLocker vault, which is available after logging into your Microsoft account online.
Windows Professional: BitLocker is available on only the pricier professional versions of Microsoft's Windows operating system. Specifically, it works on Windows 7 Ultimate or Enterprise, Windows 8 Pro or Enterprise, or Windows 10 Pro or Enterprise. If you buy a new laptop that comes with Windows 10 Home installed, you can pay a flat fee of $99 to upgrade to Windows 10 Professional. Any new laptop that comes with a TPM probably also comes with Windows 10 Pro installed, though, so BitLocker should work out of the box.
Securing your data is important, but how do you protect your physical laptop from thieves? Many business-class notebooks come with a special slot – called a Kensington lock slot -- that lets you physically chain your system to your desk with a cable.
Kensington cables are extremely durable and secured with a four-digit combination lock – the same kind you might see on a briefcase. They usually cost between $30-$50, but make sure your laptop has a compatible slot before picking one up.
Software and hardware management isn't likely to be a priority for independent workers. But if you need to deploy PCs to your employees, secure management technology is mandatory for keeping company systems up to date and running the right software. It also enables you to track, locate or wipe those systems if they're lost or stolen. There are countless third-party computer-management suites that can meet the needs of your business, but choosing one is beyond the scope of this guide.
One extra hardware feature to look for is Intel VPro, which is an umbrella term for a variety of security features, including one that gives you access laptops at the hardware level. That makes it possible to run software and group policy updates even when a system has been turned off. The ability to manage a powered-down system also helps when you need to locate the system, restrict access to it, or wipe it clean if it's been lost or stolen.