It's better to assume that ALL DATA IS PUBLIC -- some of it just hasn’t escaped into the wild yet. If you’ve typed it, captured a photo of it, accessed it, or even, in this age of location-tracking apps, been there/done that, chances are the data is now somewhere for the taking. With mobile devices including smartphones, tablets, and laptops, “the taking” of your sensitive, personal, or “private” device, with its data, is easier than ever.
If you lose your gear, you can count on finding some of your private data “in the wild” on the Web or finding out that your accounts have been accessed and valuable assets are lost.
What can you lose?
- Expensive gear: Laptop, phone, tablet, flash drives
- Expensive software
- Reputation
- Accounts that link to your assets
- Personal information like photos, emails, blogs, and chats that you don't want everybody to see
- Really sensitive information like PII data, organizational secrets, and pre-release product info.
What can you do?
If you do lose your gear, you can count on some level of information compromise and data loss. Minimizing compromise and loss requires multiple steps and might take a while.
If you use public key encryption to identify yourself and protect confidential emails, Step 1 after losing your gear is: Change your encryption key and revoke keys and security certificates that lived on the machine, including PGP keys, X.509 certificates, and remote SSH keys.
Additional Steps to Protect Compromised Data On Lost Devices:
- Report your equipment as lost or stolen if the lost item is company property.
- Post a notice on your social accounts announcing the loss of the device.
- Make a list of accounts that were accessed from the lost device and change all of your passwords.
- Over the next few months, watch for access to accounts from any new or unexpected places.
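For the "remote SSH keys" part of Step 1, revoking means deleting the lost device's public key from `authorized_keys` on every server that trusted it. The Python sketch below is an added example, not part of the original article; it matches keys by the SHA256 fingerprint that `ssh-keygen -l` prints, and the key blobs and comments such as `alice@lost-laptop` are constructed sample data.

```python
import base64
import hashlib

def parse_key(line):
    """Return the decoded public-key blob of an authorized_keys line, or None."""
    fields = line.split()
    for ktype, blob in zip(fields, fields[1:]):
        try:
            raw = base64.b64decode(blob, validate=True)
        except ValueError:  # not base64, so not the key field
            continue
        # A key blob starts with a length-prefixed copy of its own type name;
        # checking it skips option text such as command="... ssh-ed25519 ...".
        n = int.from_bytes(raw[:4], "big")
        if raw[4:4 + n] == ktype.encode():
            return raw
    return None

def fingerprint(raw):
    """SHA256 fingerprint in the form printed by `ssh-keygen -l`."""
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def revoke(authorized_keys_text, lost_fingerprints):
    """Return (kept_text, removed_lines) after dropping the lost devices' keys."""
    kept, removed = [], []
    for line in authorized_keys_text.splitlines():
        raw = parse_key(line)
        if raw is not None and fingerprint(raw) in lost_fingerprints:
            removed.append(line)
        else:
            kept.append(line)  # comments, blank lines and other keys stay
    return "\n".join(kept) + "\n", removed

def sample_key(fill):
    """Constructed (not real) ssh-ed25519 key blob, base64-encoded."""
    t = b"ssh-ed25519"
    raw = len(t).to_bytes(4, "big") + t + (32).to_bytes(4, "big") + bytes([fill]) * 32
    return base64.b64encode(raw).decode()

# Constructed sample file: three devices, one of them lost.
SAMPLE = "\n".join([
    "# constructed authorized_keys content",
    "ssh-ed25519 %s alice@desktop" % sample_key(1),
    'command="/bin/backup ssh-ed25519 x",no-pty ssh-ed25519 %s alice@lost-laptop' % sample_key(2),
    "ssh-ed25519 %s alice@phone" % sample_key(3),
]) + "\n"
LOST = {fingerprint(base64.b64decode(sample_key(2)))}
```

On a real server, pass the contents of `~/.ssh/authorized_keys` and the lost key's fingerprint to `revoke`, review the removed lines, then write the kept text back.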
What can losing your gear/data cost you?
If you lose your gear, you're looking at hefty costs. You might be on the hook for any of the following:
- Replacement fees for expensive gear and software licenses
- Reputation and credibility on social networks
- Your friends lose privacy -- information they gave you in confidence, like photos and contact info, can become public
- You can lose money directly from your accounts -- someone can buy things with your credentials at sites like amazon.com, or transfer money by using credentials stored on your device to log in to the bank accounts recorded in your browser cookies, bookmarks, and history
- If you run a small business or organizational department from your laptop, an intruder could suddenly have access to confidential facts
Simple steps to protect your data and accounts from future compromise:
Often, if you lose your gear and sensitive company data entrusted to you is compromised, you can lose your job. To keep this from happening, the following key phrases can potentially help you a lot:
- “Don’t worry. Everything is encrypted.”
- “No problem -- I have passwords set up at every level in the device, including device passwords, application passwords, and file system passwords.”
- “No sweat -- I was using 256-bit AES encryption for my email account. No one but the NSA circa the year 2075 will be able to access those emails.”
If you have to travel with sensitive information, it’s wise to encrypt your hard drive or the portion of the hard drive that contains information you don’t want to see in the wild.
If you haven’t done so already, opt in for 2-factor authentication wherever it is offered. That way, if you lose one device, you can limit the damage to your account and receive some notice when someone tries to log into an account that is protected by authentication through multiple devices.
Password-protect everything with strong passwords that are unique. Just don’t use “correct horse battery staple”, if possible.
If you’ve lost your mobile device, now is the time to build some great security habits (and deal with the data catastrophe that is in the making).
If you still have your gear and have never lost it, now is the time to build some great security habits and stave off disaster before it happens to you.