As I was driving to work a couple of weeks ago, I stopped at a
neighborhood gas station to fill up since I’d be traveling over the
weekend. While some may attest that I’m paranoid, it seems a little over
the top to lock my truck doors before I start to gas up and pay at the
pump. But when the pump rejected my credit card, I had to go inside to
pay.
I came out to find my backpack had been stolen out of the cab of the
truck.
I was a little dazed. I was a little shocked. I was a whole lot annoyed.
I had to go home and explain to my husband that someone had stolen my backpack out of
my truck while I was getting gas.
The first question I got was, ”What did you lose?”
”Everything,” I replied, a little testily.
”What’s everything?”
”My laptop, my pager, my PDA, my iPod, two power supplies, three cables,
a video adapter, two project notebooks, a consulting journal, a personal
journal, my cheater book, a fork, two knives, and my wallet… more or
less.”
”You’re kidding, right?”
”Nope.”
At that point he just looked at me. I don’t know whether he was more
unnerved by the actual contents of my backpack or my ability to recite,
off the top of my head, the contents of my backpack. (I don’t think it
was the two knives.) I simply think he’d never realized that when I say I
live out of my backpack, I actually mean, if I have some place to sleep
and my backpack, I’m pretty much all set.
A little network sniffing and I can have access too.
However my proclivity toward paranoia and over-preparation for the worst
in life isn’t the real story here. The real story is what I went through
— and am still going through — to get things together again. To me,
calling the bank, killing three credit cards, and sending a letter to the
RMV regarding my driver’s license is simple. I also replaced my
Department of Defense ID and bought another T pass (I won’t be driving
again for awhile.) As long as you know the contents of your
wallet/purse/pack, this is all mechanics.
What’s on Your Machines?
The not-so-easy part was deciding what was on my PDA, my pager, and my
laptop that might be confidential or sensitive — or even more
importantly, what might be someone else’s sensitive data that might not
be immediately obvious. How do I know (or find out) what was on each of
these objects?
The pager didn’t have anything but email addresses, so that wasn’t so
bad. The PDA had my address book on it, a listing of people (including
their mail, email and phone numbers) who I do business with all the time,
and my schedule. Another win for me.
Now, my iPod isn’t a security threat, but I’ll be spending a bunch of
time with my CD collection again.
My laptop, however, is another story. I live in email. If something is
happening in my life, it’s in my email. Appointments, requests for
assistance, billing/payment information for my personal finances — you
name it, I’ve written a note about it and saved it under unsent mail at
one time or another.
I’ve got other stuff on my laptop, certainly. My scheduler has all the
numbers to my bank, all the data for my relatives… everything. (Have I
stressed before exactly how important it is to NOT TO USE your mother’s
real maiden name?)
Fortunately (again) for me, I had just deployed this laptop. That means I
hadn’t had the chance to put project data and sensitive information from
another department regarding their security concerns on its hard drive. I
was able to go back to the office, get my old laptop and know exactly
what was on the hard drive.
I can fix my own stuff. That I can deal with. But had it been someone
else’s stuff on that stolen laptop, I would have had to notify them about
the risk that my own carelessness exposed them to. Then I would have had
to help them decide what appropriate action to take. If I had had a lot
of those situations to deal with, it could have been very damaging to me
and the organization.
Can you, right now, from memory make a list, with any certainty, of the
contents of your hard drive? Can you reproduce all those records for
auditing purposes or to use in notification procedures in the event it is
stolen? Do you do backups?
If the answer to these questions is, yes, then you have fewer worries.
You’ll only have to recreate from your last backup forward. You can see
here how an annual backup isn’t an optimal strategy. If you don’t have a
backup, I hope you have good paper documentation or an excellent memory.
Otherwise, you have no way to tell definitively what was compromised.
Protecting Your Data
This notion extends to your personal data as well.
The loss of credit cards can be compounded when you don’t report them all
as stolen. Not only can they be used against you, but they can be used
to create a whole new credit history. Carrying 30 cards serves no
purpose. Sure it’s nice to have specific cards for Home Depot, Macy’s,
Lowes, the Disney Store, your local credit union, your car manufacturer,
and your frequent flier miles. But really, why? What you put on one
doesn’t earn you points on another.
I had three cards in my wallet. There was the card I use for purchases in
the real world, the card I use for purchases online, over the phone and
for monthly recurring charges, and my business card. The nice thing here
is that I also know for sure what the last charge was and what amount it
was for on each card. When I cancelled the cards, I was able to verify
they hadn’t been used fraudulently.
Finally, I’ve initiated a fraud watch on my credit reports, as well.
It’s a lot of work losing your stuff. It’s better to be prepared.
What’s in your wallet?