Your laptop data is not safe. So fix it.

19.01.2009

A variation of folder-level encryption is virtual disk encryption (VDE), in which a single disk file contains a virtual disk image that the user can mount when needed; this virtual disk collects all sensitive files in one location. Microsoft's BitLocker offers this feature in all Vista editions, as well as in Windows Server 2008 and Windows XP. Third-party products such as PGPDisk and even free open source software programs such as TrueCrypt have VDE capabilities. Many of these third-party utilities are easier to use than BitLocker, so they can save you some implementation expense.

Another form of partial disk encryption is to apply encryption to specific files, typically those residing on corporate servers that users want to open locally. In this approach, users must enter a password every time they open a protected file. Not only is IT on the hook to ensure that all sensitive files get encrypted, but it also has no way to stop users from simply saving the opened file as an unencrypted copy. Still, this protection is better than nothing and is widely available via free disk utilities. But key management can be a problem, and these file-level encryption tools generally don't support multifactor authentication.

But the best plan B to TPM-enabled full disk encryption isn't any of these partial disk methods. The best plan is software-only full disk encryption, in which either the operating system or a third-party program performs the same encryption as with TPM but uses another method to store the encryption keys, such as a thumb drive or a smart card.

The good news is that virtually all TPM full disk encryption suppliers' offerings, including BitLocker, can operate in this software-only mode, which relies on a removable hardware token. That means you can use this approach for your non-TPM devices while keeping a consistent encryption method to manage across all your laptops.
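As an added illustration (not part of the original article or Microsoft's documentation), here is an elevated PowerShell session that puts BitLocker into this software-only mode on a laptop without a TPM, storing the startup key on a USB token. The OS volume C:, the token as drive E:, and the policy registry path are assumptions for the example.

```powershell
# Added example: BitLocker without a TPM, key protector on a removable USB token.
# Assumptions: OS volume is C:, USB token is mounted as E:, prompt is elevated.

# 1. Policy: let BitLocker run without a compatible TPM and enable advanced
#    startup. These are the registry values behind the Group Policy setting
#    "Require additional authentication at startup" (local-policy form shown).
reg add HKLM\SOFTWARE\Policies\Microsoft\FVE /v UseAdvancedStartup /t REG_DWORD /d 1 /f
reg add HKLM\SOFTWARE\Policies\Microsoft\FVE /v EnableBDEWithNoTPM /t REG_DWORD /d 1 /f

# 2. Turn on encryption: write an external (startup) key to the token and also
#    create a numerical recovery password for the day the token is lost.
manage-bde -on C: -StartupKey E:\ -RecoveryPassword

# 3. Check which protectors guard the volume. On a non-TPM machine you expect
#    an "External Key" and a "Numerical Password" protector and no "TPM" entry.
manage-bde -protectors -get C:

# 4. Watch progress; the goal state is "Protection On" and "Fully Encrypted".
manage-bde -status C:
```

Record the recovery password somewhere other than the laptop or the token; the token itself must travel separately from the machine, which is the weakness the next paragraph describes.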

It's true that software-based full disk encryption is less secure than if you have a TPM-equipped laptop: The entire drive can still be encrypted, but a determined hacker will have more opportunities to gain access through compromised keys. For example, if the key-storage token is left with the notebook computer (how likely is that?), the hacker may be able to simply plug the token in and gain access to the drive contents. Even multifactor authentication in this scenario is subject to attack by inspection, since the key token is not tightly bound to the system motherboard.