Archive for June, 2008

Where And How Do You Dispose Of Your Cell Phones and Paper Documents?

Monday, June 30th, 2008

Something I’m planning to do this summer with my sons is to do some dumpster diving, with the advice of my police and security services company owner friends, to see just how much personal information is left out for just anyone walking by to pick up and use, or misuse. We’ll also see about any cell phones that were just dropped in the dumpster or trash can…
How do you dispose of your cell phones? At work, and at home? And what do you do with the papers that contain personally identifiable information (PII) and other sensitive information when you throw them away? Are you more diligent at work? Or at home?
With this in mind, here’s another section from the third article in my June issue of “IT Compliance in Realtime“…

(more…)

Where And How Do You Dispose Of Your Computers, CDs, USB Drives, Etc.?

Sunday, June 29th, 2008

In the past few years I’ve performed over 100 information security and privacy program reviews for the vendors and business partners of my clients, and I have often found these contracted organizations have lax to non-existent to outragiously irresponsible computer and electronic storage device disposal practices. One of the “information security” policies for one of the vendors actually directed their personnel to try to sell their old computers and storage devices on e-Bay or other online sites in order to recoup some of the costs…this was in their “Information Disposal Security Policy”! It had absolutely no mention of removing the data before trying to sell the devices; the main intent was to recoup as much of the investment as possible.
With this in mind, here’s another section from the third article in my June issue of “IT Compliance in Realtime“…

(more…)

Where And How Do You Dispose Of Your Computers, CDs, USB Drives, Etc.?

Sunday, June 29th, 2008

In the past few years I’ve performed over 100 information security and privacy program reviews for the vendors and business partners of my clients, and I have often found these contracted organizations have lax to non-existent to outragiously irresponsible computer and electronic storage device disposal practices. One of the “information security” policies for one of the vendors actually directed their personnel to try to sell their old computers and storage devices on e-Bay or other online sites in order to recoup some of the costs…this was in their “Information Disposal Security Policy”! It had absolutely no mention of removing the data before trying to sell the devices; the main intent was to recoup as much of the investment as possible.
With this in mind, here’s another section from the third article in my June issue of “IT Compliance in Realtime“…

(more…)

More Wifi Security At Home Than At Work?

Friday, June 27th, 2008

Last week I posted about how, while driving my sons into town for Noah to attend band camp, they found 100+ wifi hotspots, and only 12 of them were secured according to their macbook lock icons.
This was in a primarily business area, with lots of small to medium sized businesses along the road, strip mall type of shops, and a large shopping mall.
This week while driving my sons into a different part of town for Heath to attend

(more…)

Disposal of Computers

Thursday, June 26th, 2008

Time to post some of the info from the 3rd of the articles from my June issue of “IT Compliance in Realtime Journal” before the month is over!
The 3rd article is “What to Tell Personnel: Disposal Security and Privacy.”
Here is a section from the article…

(more…)

Tools <> Technology

Wednesday, June 25th, 2008

I participate in the LinkedIn community, and I occasionally put out short “status” messages when I’m working on products, projects or going to provide training. My current “status update” statement is, “Rebecca is creating tools to support information security, privacy and compliance management and leadership.” (I’m really excited about these tools…I know they work!)
I received a message regarding this status update from one of my LinkedIn contacts. Here’s an excerpt…

(more…)

Tell Personnel How to Protect Mobile Computing Devices and Storage Media

Tuesday, June 24th, 2008

You can’t expect your personnel to know how to safeguard information and computing devices if you do not tell them *HOW* to safeguard them!
Humans are not born with an inherent instinct to automatically safeguard information assets. In fact, some folks seem to be born with a pre-disposition to fling caution to the wind when it comes to protecting information. Why else would someone drink three tall beers while working alone in a busy airport bar/restaurant and then leave their laptop completely unsecured on the table top to go somewhere else down the hallway out of sight for 30 minutes? (Saw this on a recent trip.) Yes, I know the alcohol had some impact on their decision-making, but think about all the folks in your organization who have a tendency to do risky activities even without the influence of alcohol.
The fourth section from the second article in the June issue of my “IT Compliance in Realtime Journal” discusses why all organizations must provid training and ongoing awareness communications to their personnel for how to protect mobile computing devices.
You cannot expect your personnel to know how to safeguard information and mobile computers if you do not provide them with training and ongoing awareness for how to do it! Deja vu…did I already say this? You bet; and I’ll probably say it a few million times more in my lifetime because it is so important, yet so seldom considered!
Here’s an unformatted version; you can download a much nicer PDF version of it with the entire June Journal

(more…)

Make Your Personnel Aware Of Mobile Computing Security Requirements

Monday, June 23rd, 2008

If you don’t encrypt sensitive and personally identifiable information (PII) on mobile computers, you are at very high risk of having that information breached. It seems that laptops practically scream “Take me!” to any potential swindler who happens to pass by. Yet one more in the daily news reports about mobile computer thefts provides a good example of this; “World’s Largest Telco Admits – We Didn’t Encrypt Laptop Data
The third section from the June issue of my “IT Compliance in Realtime Journal” discusses why all organizations that use mobile computing devices for business purposes must ensure their personnel know and understand how to use mobile computers in a secure manner. You cannot expect your personnel to know how to safeguard information and mobile computers if you do not provide them with training and ongoing awareness for how to do it!
Here’s an unformatted version; you can download a much nicer PDF version of it with the entire June Journal…

(more…)

Six Ways Organizations Can Lessen Mobile Computing Risks

Friday, June 20th, 2008

Geesh, every single day there is at least one news report about a stolen or lost mobile (laptop, notebook, PDA, Blackberry, etc.) computer! Today one of the reports was about a laptop computer, containing cleartext information about 11,000 hospital patients, that was stolen from a doctor’s home in Staffordshire, U.K.
A couple of days ago I posted the first section from the second article in my “IT Compliance in Realtime” journal issue for June.
Here’s the second section from that article…

(more…)

Mobile Computing Security Problems Exist Throughout the World

Wednesday, June 18th, 2008

Every day, literally, I read news reports about lost or stolen laptops. Today is no exception. The news report, “A Misconfigured Laptop, a Wrecked Life,” chronicles how one man had his first work laptop stolen, and then he was fired when the second work laptop he was issued as a replacement was found to have pornography on it…either it was pre-loaded when he got it, or lack of prevention software allowed someone to remotely load it on his computer while he was online.

(more…)