Download our in-depth report: The Ultimate Guide to IT Security VendorsAs I was driving to work a couple of weeks ago, I stopped at aneighborhood gas station to fill up since I'd be traveling over theweekend. While some may attest that I'm paranoid, it seems a little overthe top to lock my truck doors before I start to gas up and pay at thepump. But when the pump rejected my credit card, I had to go inside topay.
I came out to find my backpack had been stolen out of the cab of thetruck.
I was a little dazed. I was a little shocked. I was a whole lot annoyed.I had to go home and explain to my husband that someone had stolen my backpack out ofmy truck while I was getting gas.
The first question I got was, ''What did you lose?''https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i ''Everything,'' I replied, a little testily.
''My laptop, my pager, my PDA, my iPod, two power supplies, three cables,a video adapter, two project notebooks, a consulting journal, a personaljournal, my cheater book, a fork, two knives, and my wallet... more orless.''
''You're kidding, right?''
At that point he just looked at me. I don't know whether he was moreunnerved by the actual contents of my backpack or my ability to recite,off the top of my head, the contents of my backpack. (I don't think itwas the two knives.) I simply think he'd never realized that when I say Ilive out of my backpack, I actually mean, if I have some place to sleepand my backpack, I'm pretty much all set.
A little network sniffing and I can have access too.
However my proclivity toward paranoia and over-preparation for the worstin life isn't the real story here. The real story is what I went through-- and am still going through -- to get things together again. To me,calling the bank, killing three credit cards, and sending a letter to theRMV regarding my driver's license is simple. I also replaced myDepartment of Defense ID and bought another T pass (I won't be drivingagain for awhile.) As long as you know the contents of yourwallet/purse/pack, this is all mechanics.
What's on Your Machines?
The not-so-easy part was deciding what was on my PDA, my pager, and mylaptop that might be confidential or sensitive -- or even moreimportantly, what might be someone else's sensitive data that might notbe immediately obvious. How do I know (or find out) what was on each ofthese objects?
The pager didn't have anything but email addresses, so that wasn't sobad. The PDA had my address book on it, a listing of people (includingtheir mail, email and phone numbers) who I do business with all the time,and my schedule. Another win for me.
Now, my iPod isn't a security threat, but I'll be spending a bunch oftime with my CD collection again.
My laptop, however, is another story. I live in email. If something ishappening in my life, it's in my email. Appointments, requests forassistance, billing/payment information for my personal finances -- youname it, I've written a note about it and saved it under unsent mail atone time or another.
I've got other stuff on my laptop, certainly. My scheduler has all thenumbers to my bank, all the data for my relatives... everything. (Have Istressed before exactly how important it is to NOT TO USE your mother'sreal maiden name?)
Fortunately (again) for me, I had just deployed this laptop. That means Ihadn't had the chance to put project data and sensitive information fromanother department regarding their security concerns on its hard drive. Iwas able to go back to the office, get my old laptop and know exactlywhat was on the hard drive.
I can fix my own stuff. That I can deal with. But had it been someoneelse's stuff on that stolen laptop, I would have had to notify them aboutthe risk that my own carelessness exposed them to. Then I would have hadto help them decide what appropriate action to take. If I had had a lotof those situations to deal with, it could have been very damaging to meand the organization.
Can you, right now, from memory make a list, with any certainty, of thecontents of your hard drive? Can you reproduce all those records forauditing purposes or to use in notification procedures in the event it isstolen? Do you do backups?
If the answer to these questions is, yes, then you have fewer worries.You'll only have to recreate from your last backup forward. You can seehere how an annual backup isn't an optimal strategy. If you don't have abackup, I hope you have good paper documentation or an excellent memory.Otherwise, you have no way to tell definitively what was compromised.
Protecting Your Data
This notion extends to your personal data as well.
The loss of credit cards can be compounded when you don't report them allas stolen. Not only can they be used against you, but they can be usedto create a whole new credit history. Carrying 30 cards serves nopurpose. Sure it's nice to have specific cards for Home Depot, Macy's,Lowes, the Disney Store, your local credit union, your car manufacturer,and your frequent flier miles. But really, why? What you put on onedoesn't earn you points on another.
I had three cards in my wallet. There was the card I use for purchases inthe real world, the card I use for purchases online, over the phone andfor monthly recurring charges, and my business card. The nice thing hereis that I also know for sure what the last charge was and what amount itwas for on each card. When I cancelled the cards, I was able to verifythey hadn't been used fraudulently.
Finally, I've initiated a fraud watch on my credit reports, as well.
It's a lot of work losing your stuff. It's better to be prepared.
What's in your wallet?