In yet another laptop theft involving a high-profile figure, security experts have concluded that despite the use of password protection, it will be "child's play for thieves to access sensitive data" on the Duchess of York's stolen laptop.
A laptop belonging to the Royal Family used to transport pictures of the Duchess, her two daughters and ex-husband Prince Andrew to a photography studio was subsequently swiped in a break in. The consensus by various experts is that data on the laptop is effectively compromised, since it is a small matter to remove the unencrypted hard disk to directly extract all the digital files on it.
Contrary to popular belief, securing digital files is not as arcane or expensive as imagined. In fact, we recently covered an innovative solution from Lenovo to protect laptops, as well as the use of full disk encryption on laptops.
For SMBs loath to invest for the infrastructure or pay the steeper prices associated with purchasing encrypted hard disks, I would advocate getting an encrypted USB flash drive such as the IronKey.
The IronKey works by packing a built-in chip, "crypto," that is used for encryption and authentication. The password will be prompted for when an IronKey is plugged into a USB slot, and the password is directly verified by the crypto hardware, which makes the solution hardware-based and extremely robust. The actual drive letter for storage on the flash drive will be exposed only upon the correct password. As an added protection, the encrypted key used to protect the data will be deleted upon 10 consecutive wrong passwords, rendering all on-board data useless.
I've had my IronKey for almost a year now, and it has worked flawlessly. While not exactly cheap compared to run-of-the-mill flash drives, I feel that the $100 or so price range is reasonable enough for SMBs for its 1GB or 2GB versions, which should be more than adequate for typical office documents and files.
There are other similar solutions of course. Do get whatever works for you; just don't leave your important data unencrypted.