http://blogs.msdn.com/aridle/archive/tags/Security/default.aspxTags: Securityen-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.msdn.com/aridle/archive/2005/09/30/a-note-on-personal-information-security.aspxFri, 30 Sep 2005 21:31:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:475796aridle1http://blogs.msdn.com/aridle/comments/475796.aspxhttp://blogs.msdn.com/aridle/commentrss.aspx?PostID=475796http://blogs.msdn.com/aridle/rsscomments.aspx?PostID=475796<DIV class=aor> <P>Three weeks ago, a bag containing my corporate laptop and ID was stolen from my car in Stanley Park, Vancouver, B.C.&nbsp; Suffice to say, it has not been a pleasant experience.&nbsp; I thought I’d mention it here to warn you of a few things that I’d never considered.</P> <P>First, there’s the property loss of approximately $3500 US.&nbsp; That’s to be expected in a theft of this nature:&nbsp; a broken window ($400); a laptop ($2500); laptop accessories ($200); the bag itself ($100).</P> <P>Second, there’s the loss of personally identifiable information.&nbsp; The PC itself was secured with strong passwords.&nbsp; And, Microsoft Security was able to cancel my access to corporate systems until I was able to return to the office, get a replacement badge and change my passwords. But, my latest personal backup CDs were also in the bag.&nbsp; Those were not secured.&nbsp; The files on them contained a gold mine for an identity thief:&nbsp; unsecured soft copies of my credit report.&nbsp; Needless to say, my wife and I have done everything in our power since then to ensure that we are not targetted.&nbsp; Here’s a short list of what we did:</P> <UL> <LI>Placed a fraud watch on our credit reports with all of the major agencies:&nbsp; <A class=aor href="http://equifax.com/" mce_href="http://equifax.com/">Equifax</A>, <A class=aor href="http://experian.com/" mce_href="http://experian.com/">Experian</A>, and <A class=aor href="http://transunion.com/" mce_href="http://transunion.com/">Trans Union</A></LI> <LI>Cancelled all of our credit cards (as if they’d been stolen)</LI> <LI>Changed all of our bank accounts (as if the check books had been stolen)</LI> <LI>Changed all of our direct deposits and withdrawls </LI> <LI>Changed all of our investment accounts</LI> <LI>Changed all of our online passwords for all of these accounts (to strong passwords)</LI></UL> <P>And, finally, there’s the loss of data in general when you don’t backup frequently.&nbsp; Because my most recent backups were in the bag, I had to revert to an older backup.&nbsp; I lost months of data.&nbsp; Nothing that I can’t replace.&nbsp; But, it still hurts.</P> <P>I now have a new appreciation for the term information security.&nbsp; And, I’ve been investigating ways of preventing a similar fire drill should this happen again.&nbsp; At the moment, I’m leaning toward installing <A class=aor href="http://pgp.com/" mce_href="http://pgp.com/">PGP Desktop</A> and creating virtual disks for highly sensitive personal information.&nbsp; This will allow me to&nbsp;backup the data in a secure manner by copying the&nbsp;encrypted “disk”&nbsp;file to CD.&nbsp; I am also considering investing in a fire retardant safe in which to keep these CDs.</P> <P>Lessons learned:</P> <UL> <LI>Don’t leave valuables visable in your unattended car.</LI> <LI>Secure your personally identifiable information – especially on backups.</LI> <LI>Backup frequently!&nbsp; And, always make two copies of your backups.&nbsp; Put one in a safe place.&nbsp; Keep the other one out for reference.</LI></UL> <P>I hope you never experience this.&nbsp; </P></DIV><img src="http://blogs.msdn.com/aggbug.aspx?PostID=475796" width="1" height="1">Security