Yesterday EARTHtimes, which appears to be a general news site, carried a story with a cute title that caught my eye, “Don’t be a turkey: Protect your laptop during holiday travel.”
Considering a large portion of privacy incidents involve lost or stolen laptops, it is good to see an article providing some security advice on a non-security specific site. It is also good that the article points out that the risks go beyond just identity theft for the laptop owner, but extends to all kinds of crime that can be committed with any corporate data stored on the device, and that the devices at risk also include USB thumb drives, MP3 players, and other types of devices.
“The best defense is to encrypt sensitive information, so that even if the hardware that stores it is stolen, your secrets are safe.”
Yes, I’ve said it many times before, and I’ll say it many times more at the risk of sounding like a broken record (or should I now say broken iPod), confidential data that is moving, through networks or on human legs or other physical transport within some type of electronic storage or computing device, should be encrypted. I will be happy to see the day when encryption is as common as seatbelts in cars, and just as easy to use. Of course, just like seatbelts, you’ll still find those folks who will not use encryption and then find themselves involved in a privacy breach.
Recently I was traveling and had around 1 1/2 hours before my connection, so I was sipping an ice tea in a pub/restaurant area of a large airport. There was a guy a couple of tables away from me working on his laptop; his table was right next to the busy line of foot traffic area where travelers were walking to and from their gates. He had one tall empty beer glass next to his laptop, and was almost done with another. He finished it soon after I sat down, then got up, leaving his computer sitting on the table unattended, and walked all the way across the restaurant to the bar, getting in line for 5 – 10 minutes, not looking back at his computer once that I could see while he was waiting to get another brewskie. And no, no one stole his computer…at least while I was there, but SOMEONE EASILY COULD HAVE! He also did not secure his screen; his Outlook inbox was visible for all those in close proximity to see. He was starting his 4th beer as I left. This is not the first time I have seen people leaving laptops behind while they went for more food, drink or even further away for personal relief. I wonder how many incidents have occurred as a result of mixing drinking with public computing? Maybe “Don’t drink and compute” would sell good as a bumper sticker. Hmm…
The EARTHtimes article listed nine tips for securing data while traveling, but I want to add another very basic protection, and that is to keep your laptop and other electronic storage media with you at all times while traveling in airports and while in public places. It is wholly negligent to just leave computers sitting around for any sticky fingers to grab while you go get more booze. I have nothing against drinking responsibly, but if you’re going to get sloshed while working on your computer while travelig, try handcuffing your laptop to yourself so you don’t do something stupid that you will end up regretting later as you file a police report for a stolen computer, or as you call your company to tell them your laptop containing the PII of 1 million of your customers was taken.
Tags: awareness and training, Information Security, IT compliance, policies and procedures, privacy, privacy incident, stolen laptops