Information Security Takes a Holiday

With the summer travel season fully upon us, airports and roadways will be filled with the “other children” of excited and weary nomads -- namely the laptops, netbooks, and mobile devices that people carry with them. Some of this equipment will be transmitting data across “foreign” networks; and, unfortunately, some may even be lost or stolen in transit. So whether you’re packing up the bags for the beaches of Corsica, revving your engine for a drive to Wally World or sticking around home for a relaxing afternoon, take a moment to consider what information you’re taking with you and what could unknowingly be left behind.

First, envision the content and volume of information that is stored on your equipment. Now imagine handing it over to a stranger and walking away. If your reaction to this is nothing more than a shrug, you’ll likely have nothing to worry about. However, if you find yourself in a state of shock, you’ll want to narrow the risk of potential data loss.

On that note, assess your risk tolerance. We use this term frequently in relation to investment strategies, but it’s also relevant for information security. In the same way that some people prefer a vacation of bungee-jumping to movie-watching, some feel the ease of unencumbered computer usage is worth the risk.

There is an array of options for data protection. The list begins with basic measures that should be taken under all circumstances and ends with more complicated solutions that could seriously impact your convenience.

  • Anti-virus & anti-spyware software: This is old news, but any computer on the Internet must have software that protects against viruses and spyware. Software should be updated frequently to ensure protection from recent threats.
  • Firewall: Most operating systems come with a firewall enabled by default. For additional security, you may choose to purchase a secondary firewall from a reputable source. In either case, firewalls should never be disabled or ignored.
  • Logon passwords: Laptops and mobile devices should be configured to require a password when first started and after a period of inactivity. The longer and more complex the password, the better. These devices are easy to lose, with ramifications ranging from the hassle of a missing phone to unauthorized charges and lost data.
  • Power: In general, devices are more secure when powered down. Turn devices off while in transit.
  • Stored passwords: Remember your passwords to the extent possible. Do not save them to a file on the device itself and do not allow your Internet browser to “remember” passwords to websites. Change passwords every 3-6 months.
  • Internet browsing: When browsing the Internet on a public network (meaning any network that you don’t control) assume that the security of that network is unknown and let your risk tolerance guide you. At the very least, pay attention to the website address and remember that sites that begin with “https://” encrypt transmissions, while those with merely “http://” are not secure. Resist entering sensitive information on an insecure site and always heed security warnings issued by your browser or firewall.
  • Encryption: There are many ways to encrypt information stored on your device, essentially scrambling the data so that it cannot be retrieved without the required key. This is becoming very common, and many operating systems provide methods for doing so. While options exist to encrypt single files or folders, encrypting the entire hard drive will ensure that all data on the device is secure. This extends to external storage devices, and USB keys should always be encrypted.
  • Traffic filtering: Depending on your technical knowledge and thirst for adventure, you may choose to route all your Internet usage through a proxy, filtering service or virtual private network (VPN) to mask your location, encrypt all traffic, or further protect yourself from web-based malware.

Finally, the most effective approach to data security may be the most obvious and the least technical. Limiting usage certainly limits the chances for lost data. If you’re about to access information in public that you’d prefer to keep private, take a moment to consider the reasons and urgency for doing so. For instance, if you’d be checking your bank account at the airport because you’re bored during a flight delay, buy a magazine instead. Or, in an act of total reckless abandon, leave your laptop and iPhone behind (in a safety deposit box, of course!) and enjoy the summer sunshine.

Jay Owens
Director - Information Technology