10 Comments

Summary:

If you’ve ever been robbed in a public place, you’ll know all too well the feeling of horror that ensues. For the remote worker on the road, that horror increases exponentially with the realization that you’ve lost your work, your colleagues’ details and data, your stored […]

securityIf you’ve ever been robbed in a public place, you’ll know all too well the feeling of horror that ensues. For the remote worker on the road, that horror increases exponentially with the realization that you’ve lost your work, your colleagues’ details and data, your stored access passwords, and so on.

With your computer, that thief may also be able to access your and your contacts’ personal details, your online banking and payment accounts, email accounts, and other accounts on sites through which you may purchase goods, store sensitive data … the list just goes on!

Of course, web workers are likely to find ourselves in public spaces carrying valuable equipment more frequently than our office-bound counterparts, so the chances of our being victims of theft aren’t low. Don’t wait until your stuff is stolen to put adequate protection in place. This checklist should provide you with a solid plan for protecting your data — as well as software and hardware — against theft.

In creating a protection plan for my gear, I thought about the theft of my stuff from three perspectives. If my gear was stolen, I’d lose hardware and software, my IP or product (that is, the work I’ve done and am doing), and my personal data, like access passwords and information stored on the associated sites and services.

1. Protect hardware and software with insurance.

In my mind, the last thing I’d want to do if I’d just lost my work gear, data, contacts, possibly cash (if my entire bag has been stolen) and so on, is go out and pay to replace everything.

Is your remote working kit — your computer, phone or PDA, camera and any other gear you might use — insured? If you don’t have insurance, you should definitely consider it. You may be able to claim the insurance premium as a tax deduction, which will nullify its impact on your income. Since insurance is a pretty competitive market, you should be able to get a reasonable deal if you shop around.

If you do have insurance — perhaps as part of a home or office contents policy — double-check to make sure that your items are covered if you take them out of the house or home office. In checking my insurance policy I found that, for example, my computer would be covered if I took it out of the house, but only to a maximum value of $1,000, and only if it was stolen while I was in a building. So if my gear was taken while I was at the park, it looks like it wouldn’t be covered at all.

Also make sure the policy you choose covers you for business losses — my default policy provides only limited cover for home business equipment, so I’ll need to speak to my insurer to make sure the items I use for business purposes are covered.

Okay, that’s the hardware and software dealt with. What about my work product?

2. Protect your work product with regular data backups.

Your data is your IP, your product, your commodity. Imagine how you’d feel if, right now, you lost everything you’re working on. If you know you have a nice current backup of your hard drive somewhere, you’re probably smiling smugly to yourself. But if you’re one of those remote workers who never seems to get around to backing up your data, let the possible theft of your gear motivate you to put a reliable backup process in place.

We all need backups. Maybe you’ll burn key files to CD. Perhaps you’ll copy your entire hard drive to an external device in your (or someone else’s) office. You could easily store your stuff on a server on the other side of town, or the world, or use a cloud-based backup service. Whatever method you choose, try to reduce the risk of losing both the backup and on-device data by ensuring your backups and your computer aren’t stored or transported together.

If you can’t arrange automatic backups of your data, set a reminder in your calendar — every Thursday at 4pm, for example — and refresh your backups manually so you can be sure they represent the latest data. If something happens to your gear, you’ll be glad you had the foresight to back up your data. I promise.

3. Protect your online identity with a password storage plan.

The last piece of the puzzle is your passwords and other details that give you access to online services and sites, and the information you may have stored there — your online identity.

If you’re like me, you probably have more access passwords than you care to — or can — remember. I rely on my browser to remember most of them for me. Yet I’m sure that one of the first things I’d want to do if I lost my stuff would be to log into all my accounts and reset my access passwords. In considering this issue, I realized I don’t even know the access details for my home web connection, let alone my ISP-hosted email account, so I’d have some serious trouble resetting passwords on the sites I use.

The first, and most obvious tip, is to set an access password for your computer itself. If you haven’t done that already, you should!

The next step is to consider password management for all the online services and systems that you use. Obviously, choosing a password storage methodology is the important part of this equation. Of course, the option you choose will affect how quickly you can log in to the sites you use to reset your passwords.

Basically, we have two choices:

  1. localized storage: writing passwords on a piece of paper that you keep in your wallet/under your pillow/inside the third garden gnome from the left on your back porch; storing them in a USB key stuck to the wall above your desk; storing them on your computer using password storage software
  2. globalized storage: storing passwords in a file with your online backups; sending them to your web mail account in encrypted format, and saving the obscurely-titled email in a suitably obscure folder; using an online password storage system

Once you’ve chosen a storage option, make sure your list of passwords is updated at the same time you update your other data backups. That way, you can reset all those passwords as soon as you can get web access after your gear is stolen.

These are the basic precautions I’m taking to protect my gear in public places. What have you considered in protecting your gear, IP and online identity against theft or damage?

You’re subscribed! If you like, you can update your settings

  1. For online storage, have a look at Passpack

  2. I use Firefox which has a wonderful option: require a password to access your stored passwords. I had to have a tech remote-access my computer a couple of weeks ago and each time we re-started & he wanted to get back onto the web to check things, I had to enter the password. I use other browsers to do things (Chrome, Opera), but do not store passwords in them. Firefox is where they all are (I also use XMarks to remotely store my passwords). But, this tech said he had never seen my usage of this Firefox feature before. It’s a great way to make sure that even if someone DOES get into your computer, they are unable to access your sensitive passwords that are saved in your browser. This Master Key is not written down anywhere & it’s completely different from any other password I use. I feel more secure that even if someone does get into my computer, most of my data will be inaccessible to someone tryinng to take over my browser.

  3. If you primarily use a laptop then make sure you have a BIOS password set that requires you to enter it when the laptop is switched on or comes out of hibernation.

    If you check the website of you laptop manufacturer you should probably be able to find how to do this.

  4. I keep all but the boot sector of my laptop hard drive encrypted so that if the hardware falls into the wrong hands, the much more valuable data does not. The most sensitive information on my laptop is further protected in a TrueCrypt volume which is only active during those brief periods when I need access to that data.

    FTR: All it takes to get at data protected only by a BIOS password is to install the stolen hard disk into another machine.

    1. Yes, if you’re worried about data theft you really do need to encrypt it, not just set a BIOS password.

      1. Fair point, but then you’re into the realms of people stealing your laptop for the data held within, which is far more sinister than somone mugging you for your laptop because they need to buy some smack.

        If, hypothetically sspeaking, you pay 50-100 bucks for an obviously stolen laptop that has a BIOS password, are you going to spend the time taking the HDD out just to look what’s on it, or are you going to reset the whole thing to factory default and install your cracked version of windows on it?

      2. @Steven: Although I agree that the data may not be useful to the thief who steals your laptop, the problem is that having sensitive data “on the loose” can make it available to others who might do nefarious things with it. What if the thief, instead of installing their cracked version of Windows on it, sold the whole thing online thereby making the data available to others?

        The bottom line is that if you have customer, employee, corporate, intellectual property or other non-public data, you should encrypt it. Otherwise, you could find yourself in a legal mess.

        TrueCrypt can encrypt your entire hard drive, including the operating system, transparently. After entering the password at boot, you won’t have to think about it. Everything is encrypted/decrypted behind the scenes.

  5. I agree with Steven.
    Security is a smooth process. A BIOS password is better than nothing.

  6. For password management and security issues with passwords I use Sticky Password. It is a great solution for this and I’m using it for years.

  7. I use software called Passware. I like it.

    While in college I left my laptop unattended for about 20 seconds while I went to pick up a paper from the printer. When I returned it was gone, along with all of my information and term paper due in seven hours.

    Moral of story: ALWAYS HAVE MULTIPLE RELIABLE BACKUPS!

Comments have been disabled for this post