As always, we can learn from example . . .

A little over a month ago I used my 4GB USB flash drive to move a small executable file from one computer to another. After using it I dropped it back into my computer bag like I always do….

Or, so I thought.

…………………………

Life was good and I had no need for the USB drive. But then I really needed it for moving another file between computers that were not networked.

I rummaged through my computer bag. No luck.

I cleaned the extraneous stuff off my desk. Still could not find the drive.

I even removed all the change in the cup holders in my pickup. No joy.

Finally, it was found deep in the bottom of my computer bag, where it was supposed to be.

………………………….

As The Professor used to say in college, “It’s intuitively obvious” that USB drives can be easily lost.

What should we do? Here a couple of ideas…

• Never store confidential information on a USB drive.
• If you must put confidential information on a USB drive, then encrypt the USB drive, or the files on the USB drive. This is pretty easy. You can use a drive from IronKey, or you can use a generic drive with TrueCrypt.

So, be careful out there. Don’t lose your personal information by putting it on an unencrypted USB drive.

- Dan

I received a call this week from a friend who works in a small office. She had been out for a few days, and when she returned it became obvious that someone had been rummaging through the stuff on her desk.

Then, she started telling me that when she turned her computer on there was evidence that someone had been using her computer, as well.

Needless to say, she was pretty upset and wanted to know how she could tell who the offender was. She was hoping that there were some “tracks” somewhere that would tell here everything about who had been using her computer.

She wanted to confront the others in the office about accessing her computer and desk items while she was out.

Now, let’s look at some details from a common-sense perspective…

• The computer was configured so that it didn’t require a password to get into Windows. My recommendation was that she make the computer require a password to enter Windows. I suggested to her that the added security far outweighed any perceived inconvenience here.
• It also turns out that the computer in question is a notebook. She had just been turning the computer off at night and leaving it on her desk. Further inquiry led to the discovery that she had a locked file cabinet where she kept the important company information. My recommendation was to make it so the computer could not be accessed while she was not there. I suggested that she lock the notebook computer in the cabinet when she left the office for the day.
• Further questioning helped me to realize that the business has purchased this notebook computer a year ago, but there was no need for portability. So, why did they purchase a notebook? I couldn’t get a firm answer. My recommendation is that a notebook only be purchased if there is a need for portability, as portability makes theft of the computer easier.
• Regarding who and why someone accessed the computer without permission, there could be a variety of reasons. I suggested to her that she calmly discuss with her office-mates that it appeared someone had been looking for something while she was out. I also suggested that it is important she do this professionally, and to encourage them to call her is something is needed while she is out. These are people that she has to work with, and it is important that relationships not be antagonistic.

The conclusion is that this situation could have been averted with just a few simple actions.

Let’s all use common sense when approaching physical security.

- Dan

I can remember many, many years ago when my Dad disposed of old tax documents. He just threw them in the trash.

The only redeeming factor was that we lived in the country and burned all of our paper trash.

But, have you ever known anyone to just toss a confidential document in the trash? What is considered “confidential“?

Here are some examples of what you should consider confidential…

• Anything with your Social Security number on it
• Anything with a credit card number on it
• Anything that is a credit application
• Anything with user accounts and passwords
• Anything with bank account numbers

Tip: Purchase a cross-cut shredder and shred confidential documents.

This will help to protect you from identity theft, or someone using your credit to make purchases.

Make you life easier. Shred those documents!

- Dan