Friday, April 16, 2021

Security Tips from an Embattled Road Warrior

During the past few months, I’ve reverted back to being a ”road

warrior” of sorts. Apart from spending far too much time with my 1K

buddies over at United, all the travel has made me think about the

security of the data on my laptop, PDA, and (Linux-based) phone.

Think about it a bit… How do you protect your data on your traveling

laptop? Chances are that your company supplied you with a laptop along

with the usual suspects of security software: anti-virus, personal

firewall, and maybe even some anti-spyware software. If you’re really

lucky, you also got some encryption software and such with that laptop —

even if you had to buy it and install it yourself.

But what about your data? Allow me to explain.

While traveling, I’ve been watching what other travelers do, in addition

to being perhaps a bit overly paranoid about my own data. Here are a few

things I’ve noticed:

  • We all have some of our own stuff on our laptops, personal

    electronic gizmos, and such. It probably covers a spectrum from ‘so what

    if I lose it’ (e.g., copies of our favorite music files) to ‘I don’t want

    anyone else to get this’ (e.g., local copies of personal finance

    management software). You’ve probably got some personal email, as well.

  • Consider, too, the shared security attributes of the sites that we

    connect to. Ever use that public access ‘business PC’ at the hotel to

    print out your boarding pass for tomorrow’s flight home? How did you log

    into the airline’s Website? Do you use that username/password anywhere

    else? Not a problem, you say, since the Website is SSL encrypted? Don’t

    take that confidence to the bank!

  • When we travel, we’re not always as careful as we ought to be about

    our data. When you put your laptop through the airport security

    magnetometer (sometimes erroneously called a metal detector), do you make

    sure your laptop went in before you walk through yourself? When you’re at

    a business meeting, do you leave your laptop in the meeting room while

    you and your buddies go out to lunch? When you leave your hotel room at

    night, do you leave your laptop in the room?

    Are you thinking I’m being too paranoid? I’ve heard that many times.

    However, consider this: I’ve had two laptops stolen out of the trunk of

    my car in broad daylight while attending a conference, and I’ve had my

    hotel room broken into and personal items stolen twice while on vacation

    with my wife (in the paradise of Hawaii, no less!).

    I’m not making up bad things that might happen. I’m responding to bad

    things that have happened to me. If that doesn’t make a (security) guy

    paranoid, I don’t know what will.

    So, here are a few suggestions on how you might want to protect your

    data. Well, you also can protect your company’s data this way, but let’s

    not kid ourselves as to why we really want to protect what’s on our

    laptops.

  • Be paranoid and vigilant. Keep your valuables with you at all times.

    Sure, it’s a pain to carry that bulky laptop bag to lunch, but it’s worth

    it.

  • Never, never, never enter re-usable username/password credentials on

    a public access computer. The chances of that computer not being a

    veritable digital petri dish of malware are very low. The chances of

    someone else snarfing your username/password or other sensitive data —

    you didn’t use a credit card there, did you? — are significant.

    When I use a hotel’s printer, I put the file I want to print onto a USB

    stick and take the USB stick to the public access PC to print the file.

    If I’m feeling really dirty after that, I re-format the USB stick on my

    Linux machine at home. (Even printing directly from a Web application

    (e.g., airline boarding pass) is easy this way if you use a virtual

    printer like eFax (www.efax.com) to capture the printer output and save

    it into a .TIF file.)

  • If you travel with a PDA, smart phone, or other personal electronic

    devices, make use of all of the security features that they have to

    offer. For example, my phone is GSM-based, and I use the PIN lock feature

    to lock the small SIM smartcard inside the phone. That way, if someone

    gets my phone, they’ll have to enter the PIN to use it, and after three

    failed entries, the SIM locks itself and all the data on it. That won’t

    stop everyone, but it’ll sure slow down a lot of people.

  • If you use wireless networks when you travel (and who doesn’t these

    days), be certain to use good personal firewall software on your PC, as

    well as an IPSec-based VPN to connect to your office network, if at all

    possible. That’ll keep the miscreants at public hotspots at bay. At

    least, they’ll be more likely to go after someone else…

  • Encrypt the stuff you don’t want anyone else to see. Oh, and store

    that stuff on small, removable media that you keep with you at all times.

    I grabbed a 1 gigabyte USB2 stick about a year ago from one of the

    megastores when it went on sale for about $40. In fact, I keep a few USB

    sticks with me. They’re perfect for protecting my most important stuff

    (like draft copies of these columns, of course).

  • The stuff that’s too important to keep even on a USB stick that

    stays with you at all times should not be traveling. I have a couple of

    PGP secret keys that don’t leave home, for example. I also don’t travel

    with the RSA one-time password that I use to access my investment funds.

    That stuff can wait until I’m home. The ox is slow, but the earth is

    patient.

  • Oh, and you do have backups at home, right?

    If you’re thinking all of this advice is fine and well, but it would take

    far too much time to actually implement, consider the amount of time and

    effort it’ll take you when someone steals your identity and riddles your

    personal credit history with all sorts of nasties that you could have

    prevented.

  • Similar articles

    Latest Articles

    Best Data Quality Tools...

    Data quality is a critical issue in today’s data centers. The complexity of the Cloud continues to grow, leading to an increasing need for...

    NVIDIA’s New Grace ARM/GPU...

    This week is NVIDIA’s GTC, or GPU Technology Conference, and they likely should have changed the name to ATC because this year – it...

    What is Data Segmentation?

    Definition of Data Segmentation Data segmentation is the process of grouping your data into at least two subsets, although more separations may be necessary on...

    The Conversational AI Revolution:...

    One of the things I’m looking forward to seeing at next week’s NVIDIA GTC event is an update on their Conversational AI efforts. I’m fascinated...