During the past few months, I've reverted back to being a ''road warrior'' of sorts. Apart from spending far too much time with my 1K buddies over at United, all the travel has made me think about the security of the data on my laptop, PDA, and (Linux-based) phone.

Think about it a bit... How do you protect your data on your traveling laptop? Chances are that your company supplied you with a laptop along with the usual suspects of security software: anti-virus, personal firewall, and maybe even some anti-spyware software. If you're really lucky, you also got some encryption software and such with that laptop -- even if you had to buy it and install it yourself.

But what about your data? Allow me to explain.

While traveling, I've been watching what other travelers do, in addition to being perhaps a bit overly paranoid about my own data. Here are a few things I've noticed:

  • We all have some of our own stuff on our laptops, personal electronic gizmos, and such. It probably covers a spectrum from 'so what if I lose it' (e.g., copies of our favorite music files) to 'I don't want anyone else to get this' (e.g., local copies of personal finance management software). You've probably got some personal email, as well.
  • Consider, too, the shared security attributes of the sites that we connect to. Ever use that public access 'business PC' at the hotel to print out your boarding pass for tomorrow's flight home? How did you log into the airline's Website? Do you use that username/password anywhere else? Not a problem, you say, since the Website is SSL encrypted? Don't take that confidence to the bank!
  • When we travel, we're not always as careful as we ought to be about our data. When you put your laptop through the airport security magnetometer (sometimes erroneously called a metal detector), do you make sure your laptop went in before you walk through yourself? When you're at a business meeting, do you leave your laptop in the meeting room while you and your buddies go out to lunch? When you leave your hotel room at night, do you leave your laptop in the room?
    Are you thinking I'm being too paranoid? I've heard that many times. However, consider this: I've had two laptops stolen out of the trunk of my car in broad daylight while attending a conference, and I've had my hotel room broken into and personal items stolen twice while on vacation with my wife (in the paradise of Hawaii, no less!).

    I'm not making up bad things that might happen. I'm responding to bad things that have happened to me. If that doesn't make a (security) guy paranoid, I don't know what will.

    So, here are a few suggestions on how you might want to protect your data. Well, you also can protect your company's data this way, but let's not kid ourselves as to why we really want to protect what's on our laptops.

  • Be paranoid and vigilant. Keep your valuables with you at all times. Sure, it's a pain to carry that bulky laptop bag to lunch, but it's worth it.
  • Never, never, never enter re-usable username/password credentials on a public access computer. The chances of that computer not being a veritable digital petri dish of malware are very low. The chances of someone else snarfing your username/password or other sensitive data -- you didn't use a credit card there, did you? -- are significant.
    When I use a hotel's printer, I put the file I want to print onto a USB stick and take the USB stick to the public access PC to print the file. If I'm feeling really dirty after that, I re-format the USB stick on my Linux machine at home. (Even printing directly from a Web application (e.g., airline boarding pass) is easy this way if you use a virtual printer like eFax (www.efax.com) to capture the printer output and save it into a .TIF file.)
  • If you travel with a PDA, smart phone, or other personal electronic devices, make use of all of the security features that they have to offer. For example, my phone is GSM-based, and I use the PIN lock feature to lock the small SIM smartcard inside the phone. That way, if someone gets my phone, they'll have to enter the PIN to use it, and after three failed entries, the SIM locks itself and all the data on it. That won't stop everyone, but it'll sure slow down a lot of people.
  • If you use wireless networks when you travel (and who doesn't these days), be certain to use good personal firewall software on your PC, as well as an IPSec-based VPN to connect to your office network, if at all possible. That'll keep the miscreants at public hotspots at bay. At least, they'll be more likely to go after someone else...
  • Encrypt the stuff you don't want anyone else to see. Oh, and store that stuff on small, removable media that you keep with you at all times. I grabbed a 1 gigabyte USB2 stick about a year ago from one of the megastores when it went on sale for about $40. In fact, I keep a few USB sticks with me. They're perfect for protecting my most important stuff (like draft copies of these columns, of course).
  • The stuff that's too important to keep even on a USB stick that stays with you at all times should not be traveling. I have a couple of PGP secret keys that don't leave home, for example. I also don't travel with the RSA one-time password that I use to access my investment funds. That stuff can wait until I'm home. The ox is slow, but the earth is patient.
  • Oh, and you do have backups at home, right?

    If you're thinking all of this advice is fine and well, but it would take far too much time to actually implement, consider the amount of time and effort it'll take you when someone steals your identity and riddles your personal credit history with all sorts of nasties that you could have prevented.