I came out to find my backpack had been stolen out of the cab of the truck.
I was a little dazed. I was a little shocked. I was a whole lot annoyed. I had to go home and explain to my husband that someone had stolen my backpack out of my truck while I was getting gas.
The first question I got was, "What did you lose?"
"My laptop, my pager, my PDA, my iPod, two power supplies, three cables, a video adapter, two project notebooks, a consulting journal, a personal journal, my cheater book, a fork, two knives, and my wallet... more or less."
"You're kidding, right?"
At that point he just looked at me. I don't know whether he was more unnerved by the actual contents of my backpack or my ability to recite, off the top of my head, the contents of my backpack. (I don't think it was the two knives.) I simply think he'd never realized that when I say I live out of my backpack, I actually mean, if I have some place to sleep and my backpack, I'm pretty much all set.
However, my proclivity toward paranoia and over-preparation for the worst in life isn't the real story here. The real story is what I went through -- and am still going through -- to get things together again. To me, calling the bank, killing three credit cards, and sending a letter to the RMV regarding my driver's license is simple. I also replaced my Department of Defense ID and bought another T pass. (I won't be driving again for a while.) As long as you know the contents of your wallet/purse/pack, this is all mechanics.
What's on Your Machines?
The not-so-easy part was deciding what was on my PDA, my pager, and my laptop that might be confidential or sensitive -- or even more importantly, what might be someone else's sensitive data that might not be immediately obvious. How do I know (or find out) what was on each of these objects?
The pager didn't have anything but email addresses, so that wasn't so bad. The PDA had my address book on it, a listing of people (including their mail, email and phone numbers) who I do business with all the time, and my schedule. Another win for me.
Now, my iPod isn't a security threat, but I'll be spending a bunch of time with my CD collection again.
My laptop, however, is another story. I live in email. If something is happening in my life, it's in my email. Appointments, requests for assistance, billing/payment information for my personal finances -- you name it, I've written a note about it and saved it under unsent mail at one time or another.
I've got other stuff on my laptop, certainly. My scheduler has all the numbers to my bank, all the data for my relatives... everything. (Have I stressed before exactly how important it is NOT TO USE your mother's real maiden name?)
Fortunately (again) for me, I had just deployed this laptop. That means I hadn't had the chance to put project data and sensitive information from another department regarding their security concerns on its hard drive. I was able to go back to the office, get my old laptop and know exactly what was on the hard drive.
I can fix my own stuff. That I can deal with. But had it been someone else's stuff on that stolen laptop, I would have had to notify them about the risk that my own carelessness exposed them to. Then I would have had to help them decide what appropriate action to take. If I had had a lot of those situations to deal with, it could have been very damaging to me and the organization.
Can you, right now, from memory make a list, with any certainty, of the contents of your hard drive? Can you reproduce all those records for auditing purposes or to use in notification procedures in the event it is stolen? Do you do backups?
If the answer to these questions is yes, then you have fewer worries. You'll only have to recreate from your last backup forward. You can see here how an annual backup isn't an optimal strategy. If you don't have a backup, I hope you have good paper documentation or an excellent memory. Otherwise, you have no way to tell definitively what was compromised.
Protecting Your Data
This notion extends to your personal data as well.
The loss of credit cards can be compounded when you don't report them all as stolen. Not only can they be used against you, but they can be used to create a whole new credit history. Carrying 30 cards serves no purpose. Sure, it's nice to have specific cards for Home Depot, Macy's, Lowe's, the Disney Store, your local credit union, your car manufacturer, and your frequent flier miles. But really, why? What you put on one doesn't earn you points on another.
I had three cards in my wallet. There was the card I use for purchases in the real world, the card I use for purchases online, over the phone and for monthly recurring charges, and my business card. The nice thing here is that I also know for sure what the last charge was and what amount it was for on each card. When I cancelled the cards, I was able to verify they hadn't been used fraudulently.
Finally, I've initiated a fraud watch on my credit reports, as well.
It's a lot of work losing your stuff. It's better to be prepared.
What's in your wallet?