Thursday, January 14, 2010




Simple Security:
Defend Against Analog Data Theft

Article in local newspaper: Connecticut’s state Department of Revenue Services (the taxman) “has allowed former employees, even those who have been fired, to retain their access to critical state computer systems.”

The front page news continues: “The Auditors of Public Accounts…said the DRS is failing to follow its own procedures – and those ordered in recent years by Gov. M. Jodi Rell – to secure sensitive data.”

Most of us recognize the value of personal information – names, addresses, Social Security numbers, credit card numbers – and, as web site owners and keepers of this sensitive customer information, we take prudent steps to protect this data from hacker attacks.

We have server-side security provided by any good web host and we have a firewall, anti-virus, anti-spyware and other software or services to protect this data. After all, it’s the responsibility of any commercial site owner to protect this information from hackers, crackers, war drivers, script kiddies and other black hats out to steal this info for illegal purchases and identity frauds of every stripe and hue.

But based on the above article about the Connecticut tax department, along with the theft of numerous laptops containing sensitive government and private sector personal data, the biggest threat of data theft isn’t from some nameless, faceless stranger in a strange land. The most likely culprit to steal your key data, or inadvertently allow this information to fall into the wrong hands, is someone you know – know right now.

Just Plain Stealing
In his book, Securing Your Information in an Insecure World, Fortune 500 security expert Hassan Osman makes the distinction between digital and analog computer attacks.

“If someone broke into your home, what is he most likely to steal? Most likely it'll be that expensive laptop sitting on your home office desk…not only have you lost a valuable piece of hardware, you've also lost all of the data you had stored on that computer - some of which may be very interesting to the clever thief, who now has access to bank accounts, investment accounts and your on-line e-tail accounts.

In an office setting, theft is all-too-common. All it takes is a con man, dressed in work overalls and pushing a trash bin, to start dumping one laptop after another into the bin and wheeling them out the front door. Who would know?

Fortunately for users, [this kind of] theft is an 'analog' rather than 'digital' attack, so the counter measures are very easy to implement.”

Analog Data Theft
It could be the proverbial disgruntled employee, a business partner, an irate spouse or your college roommate – you don’t know who’s going to walk off with your laptop loaded with client or customer information. In Connecticut, it could be some angry nut job from the Department of Revenue Services who’s been fired but still has the security code to your SS# and other good stuff.

No matter how many firewalls you install, if you leave your laptop in the back of a cab or even on your desk in the office, you’ve created a security breach that could be (will be) fatal to your online business. It’s happened to huge world conglomerates, mortgage lenders, academic institutions, untold numbers of businesses – and yes, analog data theft can happen to you.

So what can you do to protect both the hardware and the information it contains? As Mr. Osman stated, because the “theft is an analog rather than digital attack…the countermeasures are very easy to implement.” So here’s what you do.

Lock It Up
This is so simple, yet most of us don’t even think to do it. Lock up your laptop or your desktop. 

Put your laptop in a locked drawer, a file cabinet or even your desk drawer – and lock it. Simple. Also, purchase a computer lock that’ll prevent someone from walking off with your laptop and your business. One of the best ways to keep your laptop on your desk is with a laptop or desktop computer lock. There are lots of choices but one of the best is AnchorPad Security. Just Google computer locks for other choices. It’s such a simple step, you have to wonder why more commercial site owners don’t lock down desktops and laptops that are loaded with critical data. 

Do You Know Where Your Laptop Is?

There’s an old saying, “Living in New York City is always knowing where your pocketbook is.” (Sorry, NYC.) But it’s true. Stick your purse under the table of a fancy restaurant (anywhere, not just the Big Apple) and it could be gone in a flash. There are actually gangs who work together – one distracts, the other grabs. It’s so common, most police departments don’t have the resources to follow up. There’s also not much to go on.

Same with the custodial engineer who just walked off with your laptop. Or an ex-partner who still has the keys to the office. Being an online business owner means always knowing where your computer is – and that it’s in a safe place. It could be as simple as locking the home office door to keep out the kids or the babysitter.

Don’t Advertise Your Laptop
A lot of site owners do business on the fly, carrying their laptops in those cool-looking laptop carry-alls. You might just as well hang a sign around your neck: “Carrying Laptop Here.” The bad guys (oh, they’re out there) look for this kind of luggage. It’s the “steal me” sign.

So, instead of going with the laptop carrying bag, put your laptop in a plain old briefcase or even a ratty-looking backpack – anything but a laptop bag. Or, stick the hardware under your bulky coat, but don’t leave it in the cab or at the local hot spot. In fact, using your business system in public is asking for trouble. Keep your valuables hidden – and, as an e-biz owner, nothing is more valuable than the customer data on your business system.

Put Your Passwords on Steroids
Another helpful tip – well, at least it is after your computer has been stolen – is to beef up your passwords and change them often. This is especially true after a dispute with your ex-partner, spouse or someone else who knows your passwords.

Don’t use obvious passwords – birthdays, street addresses, pet names, etc. Someone who knows you won’t have much trouble figuring out that “bunny507” will get them access to the inner sanctum. Instead, use a combination of letters, numbers and symbols to foil once-trusted, now-would-be-data-thieves with a password like K18%##UTR. Some systems limit the number of characters you can use for a password. Use the max, mix them up and change them often.
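The advice above can be checked mechanically. The following is an added example, not from the original article: a small Python check that flags a password built from details an acquaintance would know, including simple character swaps, and that confirms the mix of letters, numbers and symbols. The function names, the `system_max` parameter (standing in for a system's character limit) and the sample personal facts are all constructed for illustration.

```python
import re

# Substitutions someone guessing from personal knowledge would try first.
LEET = str.maketrans("013457@$!", "oieastasi")

def personal_tokens(facts):
    """Break known personal facts into lowercase words and digit runs (3+ chars)."""
    tokens = set()
    for fact in facts:
        for piece in re.findall(r"[A-Za-z]+|\d+", fact):
            if len(piece) >= 3:
                tokens.add(piece.lower())
    return tokens

def review_password(candidate, facts, system_max=None):
    """Return a list of problems; an empty list means the checks passed."""
    problems = []
    lowered = candidate.lower()
    unleeted = lowered.translate(LEET)  # e.g. "3lm$treet" -> "elmstreet"
    for token in sorted(personal_tokens(facts)):
        if token in lowered or token in unleeted:
            problems.append(f"contains personal detail '{token}'")
    if not any(c.isalpha() for c in candidate):
        problems.append("no letters")
    if not any(c.isdigit() for c in candidate):
        problems.append("no numbers")
    if not any(not c.isalnum() for c in candidate):
        problems.append("no symbols")
    # "Use the max": flag anything shorter than the system allows (assumed limit).
    if system_max is not None and len(candidate) < system_max:
        problems.append(f"shorter than the {system_max} characters allowed")
    return problems

# Constructed sample facts an acquaintance might know (hypothetical person).
KNOWN_FACTS = ["Bunny", "507 Elm Street", "1975-03-14"]

if __name__ == "__main__":
    for pw in ("bunny507", "3lm$treet!9", "K18%##UTR"):
        print(pw, "->", review_password(pw, KNOWN_FACTS, system_max=9) or "ok")
```

Swapping letters for look-alike characters does not hide a personal detail from someone who knows it, which is why the check also tests the password with those swaps undone.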

It’s disheartening to think that after spending a fortune to protect sensitive data from hackers around the world, some kid down the block can rip off your business system and obtain the valuable data therein. It’s also disheartening to read that state and federal agencies are routinely hacked, that laptops are stolen or lost and that analog data theft does much more damage than digital hackers can do – ever.

So, take the simple steps. Lock up your laptop when you leave the office. Lock it down when you take a coffee break. Hide it when you travel and add some oomph to your passwords in case your system does fall into the wrong (but knowing) hands.

Finally, one last point. Save and save often. Back up all sensitive data, preferably in a remote location. If you work in an office, back up critical information at home. If you work at home, back up to an outboard hard drive and then hide the hard drive.

Firewalls, anti-virus and anti-spyware may protect you from outside, digital attacks, but they won’t do a thing if your business system comes under an analog data theft – just plain stealing. Keep it in mind all of the time and always know where your laptop is.

