(Photo via PMS)
Have you ever wondered just how safe your personal, business or private information is?
Even if you think you’ve got yourself covered, the government and businesses already have a lot of your information too. What happens when someone sneaky manages to get their hands on it or walks away with it from right under their noses (and maybe yours)?
Take a look at 3 cases where big brother or businesses put your personal or important information at risk. Decide for yourself how safe your information is.
Case 1: US Department of Homeland Security
Recently the Department of Homeland Security failed a computer security check by its own inspectors. Though it might be exceptionally embarrassing (they are “homeland security”), it’s a huge problem in Canada and worldwide too, even if security holes weren’t the only issue.
“Indeed, the DHS US-CERT office is currently plagued by at least 600 vulnerabilities that could compromise sensitive data, including 202 which have been classified as high-risk.”
(Via TG Daily.)
Install patches for Microsoft Office, Adobe, Java and your other software early and often to avoid viruses and backdoor sneakiness. Otherwise, among other things, never connect to the Internet (so secret information never gets sent out).
There are a few other things you could do; however, I’ll leave that to an upcoming book on protecting your important personal information on the Internet that I’m working on.
Case 2: Durham Region Health Department flu vaccination clinic
In fact, 83,000 health records went missing in January 2010 in Ontario. The security issue was a USB key holding a lot of information — like 83,000 people’s worth.
Health records of 83,000 lost in Ontario
OSHAWA, Ont. – Ontario’s privacy commissioner has launched an investigation after a …
USB drive containing the personal health information of more than 83,000 people, who went to flu clinics in Durham Region just northeast of Toronto, went missing.
The USB key contained the personal information of persons who attended a Durham Region Health Department flu vaccination clinic for either an H1N1 or seasonal flu shot between Oct. 23 and Dec. 15. Commission spokesman Bob Spence said the probe will try to determine what happened and what steps might be taken to prevent a similar incident from occurring.
A health department nurse was taking a USB key containing the records to her car in Whitby, Ont., for use at a remote clinic site on Dec. 15 when the device was lost.
A search failed to turn it up. “We believe it was lost on regional property. We have some video surveillance tape to indicate that was the case,” said Dr. Robert Kyle, chief medical officer of health for Durham Region.
The problem with having little USB key sticks is that you can carry your photo, music and every other collection 3 times over. It’s too easy for government agencies, businesses or you to put too much important stuff in there. One good mugging, or forgetting it at the morning coffee in a cafe on the West side, and you’ve lost it all.
Do yourself a favour and learn how to lock your information away using “encryption”. For Windows and USB keys, try the portable program FreeOTFE or FreeOTFE Explorer. If you think you’re courageous enough, you can learn to use high-powered security locking with Gpg4win.
Personally, the Mac makes it easiest. All you do is use Disk Utility to create an AES-256 encrypted disk image with a password, put your sensitive files in it and then close it. Only high-powered governments or thieves with the right super gear could crack it.
Check out Creating Disk Images with Disk Utility and How to create a Mac encrypted disk image from Mac.AppStorm and Lifehacker. Another good one is How to Use Encrypted Disk Images to Secure Files on Macinstruct. If you try to encrypt everything you’d never finish — go for the important stuff like financials or identity information.
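The same lock-it-before-you-carry-it idea, as an added example that is not from the original post: it seals a folder into a single AES-256 encrypted file before it goes on a USB key, using the openssl command-line tool rather than the programs named above. The function names and the VAULT_PASS variable are choices made for this example; it assumes openssl 1.1.1 or later and tar.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the openssl CLI
# (1.1.1 or later, for -pbkdf2) and tar. VAULT_PASS is a variable name chosen
# here; reading the passphrase from the environment keeps it out of the
# process list. AES-CBC gives confidentiality only, not tamper detection.

# seal_folder SRC_DIR OUT_FILE
# Packs SRC_DIR into a tar archive and encrypts it with AES-256.
seal_folder() {
    src=$1; out=$2
    tmp=$(mktemp) || return 1      # plaintext tar stays on the local disk
    tar -C "$src" -cf "$tmp" . &&
        openssl enc -aes-256-cbc -salt -pbkdf2 -iter 200000 \
            -pass env:VAULT_PASS -in "$tmp" -out "$out"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# open_folder ENC_FILE DEST_DIR
# Decrypts ENC_FILE and unpacks it; fails if the passphrase is wrong.
open_folder() {
    enc=$1; dest=$2
    tmp=$(mktemp) || return 1
    mkdir -p "$dest" &&
        openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
            -pass env:VAULT_PASS -in "$enc" -out "$tmp" 2>/dev/null &&
        tar -C "$dest" -xf "$tmp"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# verify_sealed SRC_DIR ENC_FILE
# Opens the sealed file into a scratch directory and compares it with the
# source, so you know the copy on the key is readable before relying on it.
verify_sealed() {
    scratch=$(mktemp -d) || return 1
    open_folder "$2" "$scratch" && diff -r "$1" "$scratch" >/dev/null
    rc=$?
    rm -rf "$scratch"
    return "$rc"
}
```

Copy only the sealed file to the USB key, and run verify_sealed before removing any other copy of the folder.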
(Again, there are a few other things you could do; however, I’ll leave that to the upcoming book.)
Now your new challenge is keeping the password locked up in your head.
Case 3: The Gas Station and Friends (Credit Cards, Businesses)
Even the best preparation might be useless. A scam artist on eBay once used the fake identity of a business woman in the United States to try and buy something from me. Lucky for her, it was suspicious enough that I didn’t go through with it and PayPal stopped the thing cold. Unfortunately, I was charged a fee for the return of funds even though it had nothing to do with me.
Later on the business woman called me after she found out about her identity theft. It turned out that the credit card she’d been using had only been used for gas. How in the world did the scam artists get a hold of her credit card information?
There were too many possibilities running through my mind. The cashier could have taken it down with the security code. Hackers could have stolen it from the credit company or hacked the credit card scanner to steal the information (in Ontario, there was something like that with a hacked debit card machine). I only hope her credit company had fraud protection similar to PayPal’s Buyer or Seller Protection.
Sometimes the simple, unseen things can get you (and them) and that’s where it hurts. In this case it seems there’s very little you can do to stop it when it happens. When it does, follow up: call the companies or the government, watch banking and credit statements regularly and be careful to check out anything weird.
The sooner you follow up, the less pain you’re going to feel. (Trust me, I know that feeling…)
So you’ve seen 3 security mistakes that could put your information at risk: having old software that hasn’t been made squeaky clean; putting personal information on big, big computer drives without locking it up; and forgetting to check your financials and other identity-related things on a regular basis. In these cases, you see businesses and government are far from perfect too. Are you on top of your game here?
Ultimately you and I have to weigh the good and bad of too much security versus convenience, because the more paranoid and security-crazed you become, the harder it is to cover it all. There’s just too much information (important or not) to protect.
PS. As you can tell, security is never 100% perfect. I try my best to store all confidential information in highly encrypted disk images especially client information. And of course everything is under password lock and key (though a very serious thief can beat that unless you do some specific things…).