Friday, February 19, 2016

Physical theft of sensitive information...

One of the most common means of sensitive information theft is physical. This often happens when an employee takes sensitive information offsite on a portable computer or device without following proper precautions.

Stolen portable computers (laptops, tablets, smart phones) containing sensitive/protected information…

Stolen or lost memory sticks or portable hard drives that are unencrypted…

Even paperwork containing sensitive information that is stored in a briefcase or laptop case…

Remember that just one instance of stolen sensitive information can result in unfavorable press coverage and financial loss. California Breach Notice laws require that all those affected be personally notified and sometimes compensated in order to protect their identities.

What can we do to lower the chances of physical theft?
  • Do not store your password with your portable computer
    • You should secure your portable computer with a strong password, but never keep the password in the laptop/portable computer case or on a piece of paper or label attached to it.
  • Encrypt your laptop and any portable media containing sensitive data
    • Just one stolen laptop with sensitive information on it can result in unfavorable press coverage and require that all those affected be personally notified. Don’t store anything unencrypted on a portable device that you wouldn’t be comfortable with the general public viewing. Encrypt external hard drives, memory sticks and other storage as well.
  • Secure your portable computer when unattended
    • Attach a laptop with a security cable to something immovable or to a heavy piece of furniture when it is unattended. Devices are available that sound an alarm when there is unexpected motion or when the computer is moved outside a specified range around you.
    • Do not leave your portable computer in your car
    • Don’t leave your portable computer on the seat or even locked in the trunk. Locked cars are often the target of thieves.
    • Do not store your portable computer in checked luggage. Always carry it with you.
  • Keep track of your portable computer when you go through airport screening
    • Portable computers are frequently stolen at airport screening areas. Hold onto your device until the person in front of you has gone through the metal detector. Watch for your device to emerge from the screening equipment.
  • Keep it off the floor
    • No matter where you are in public – at a conference, a coffee shop, or a registration desk – avoid putting your laptop on the floor. If you must put it down, place it between your feet or up against your leg, so that you are aware of where it is located at all times.
  • Secure your laptop when in the office
    • Secure your laptop by locking it in a docking station, if available, using a security cable, a locked office or a locked cabinet.
  • Record identifying information and mark your equipment
    • Record the make, model and serial number of the equipment and keep it in a separate location. Consider having the outside of the case labeled with your department’s contact information and logo.
  • Backup your files
    • Make an encrypted backup of your files before every trip. In the event that your laptop is lost or stolen, you will still have a copy of your data.

1 comment:

  1. With the amount of data breaches in the past couple of years, cloud computing is a safe and secure data room virtual storage open. Not only are there automatic data backup and remote wipe capabilities, but the cloud has all of the previous data security options plus it is not a piece of hardware that can be lost or stolen.