When You Lose a Piece of Kit, the Real Loss Is The Data It Contains
These days, losing electronic devices is less about the hardware and more about the data. Hardly a week goes by without another newsworthy data loss. People leave thumb drives, memory sticks, mobile phones and even computers everywhere. And some of that data isn't easily replaceable. Sure, you can blame it on personal or organisational sloppiness, but part of the problem is that more and more information fits on smaller and smaller devices.
My primary computer is an ultraportable laptop. It contains every email I've sent and received over the past 12 years - I think of it as my backup brain - as well as an enormous amount of personal and work-related documents.
I have several USB thumb drives, including an 8GB drive that serves as my primary backup while travelling. It contains a complete copy of the past 12 months of my life. A larger USB portable drive serves as my primary storage device for photographs; I carry that around regularly, too, as I like to edit my photos on flights.
My mobile phone is a Palm Treo smartphone. It holds not only my frequently called phone numbers, but my entire address book - including any personal notes I've made - my calendar for the past 10 years, hundreds of emails, all my text messages and a log of every phone call I've made and received. At least, it would if I didn't take specific pains to clean that information out once in a while.
Backup DVDs. iPods with calendars and address books. USB drives with portable desktops. I could go on. The upside to this is that so much of our information is at our fingertips. I travel so extensively that I need my office anywhere I am, so I want everything with me everywhere. The downside is that it's now amazingly easy to lose an enormous amount of information. And there are two problems with that. One, you've lost the information. And two, that perhaps someone else has found it.
The first problem is easily solvable with backup. Everything you own should be backed up regularly. Not just your computer, but your PDA and mobile phone and anything else with personal data. Backups should be tested regularly. There's nothing worse than losing something and having the backups fail when you try to restore to a replacement device.
The second problem is solvable several ways. The best way is encryption. On your computer, hard-disk encryption programs like PGP Disk or TrueCrypt allow you to encrypt files, folders or entire disk partitions. Several manufacturers market USB thumb drives with built-in encryption. Some PDA manufacturers are starting to add password protection - not as good as encryption, but at least it's something - to their devices, and there are a few aftermarket PDA encryption programs. I use these wherever possible, and I strongly recommend that everyone else do the same.
Where encryption isn't possible, pay attention and erase unneeded data. Delete old emails from your BlackBerry, texts from your cellphone and old data from your address books regularly. It can be difficult to know exactly what your PDA is storing, and how to erase it. Manufacturers could help with this by introducing better functionality and thereby making the devices easier to use.
Another thing manufacturers can do is to provide the option to delete the data remotely if the device is lost. This is still a new idea, but it's gaining traction in the corporate market. These systems frequently allow for remote backup of the data, solving both problems at once. One last piece of advice: for work-related equipment, you should follow your company's backup and security policies.
The goal here is peace of mind. When people lose computers or phones or USB drives, the real loss isn't the physical object, but the data contained within it. And while we won't be able to make these devices harder to lose, especially as they continue to shrink in physical size and grow in data capacity, we can make their loss cost merely money, not information or privacy.
Categories: Computer and Information Security