Computer Forensics Expert: Traveling? Treat Your Laptop Like Cash!

In today’s society, traveling with a laptop seems like an everyday occurrence, whether for “mobile office” or just personal use. There are some things you should be aware of when traveling with your laptop, since it is portable and portable items can be easily lost or stolen. Here are a few tips to help avoid heartache and an employer’s wrath.

#1 Treat your laptop like cash. Some of the information might be replaceable. Other information, however, may be irreplaceable. There is also the risk of someone using the information to further their cause (attempt to sell it back to you, or one of your competitors). If nothing else, there is the hell and countless hours you have to go through to get another machine and get it set up just like the laptop which disappeared.

#2 Never leave your laptop alone and exposed, ANYWHERE! Not in the car, not in a conference, not anywhere someone armed with a crowbar or just a bag can easily grab it. Airports are especially notorious for this type of theft.

#3 Invest in a security lock. These long steel cables can be used to lock your laptop to a bench, table, or other stationary object, via a dial (or padlock) which can only be removed by someone with the code or key. Otherwise, the computer has to be damaged to remove it from this lock. One way to increase the difficulty of taking your laptop from an exposed area is to run the cable through the handles of your briefcase, thus adding a damper to a swift pull. That is: if your handles absorb some of the tug of someone trying to make off with your laptop, it will be much harder for them to yank the lock mechanism from your laptop. We recommend that employees be required to use a lock even if their laptop is in the trunk of the car. If attending a conference, the laptop should be locked to a table or some other object which is difficult to move. The idea is to deter the casual thief. Most thefts are non-targeted and opportunistic. By placing a lock on your laptop you make this kind of theft much less likely. A good lock costs about $25 and can be found at most electronics retailers.

#4 Never carry written passwords with your computer. If you must write down passwords (we recommend you never do, but we realize this is not realistic for some), keep them in a separate bag or in your wallet. That way, in the event your computer is stolen, you still have your passwords, which can be changed if needed.

What Is Your Computer Security Score? Take The Following Quiz

Business owners, board members and managers must depend upon accurate and accessible information to make important decisions. The theft, damage or unauthorized disclosure of an organization’s mission critical information can be a disaster. A company can be crippled or forced out of business if it’s deprived of the data needed to function.

The world is in the middle of a cybercrime wave. The losses are huge. The total dollar amount exceeds that of the illegal global drug trade. Crimes that target an organization’s confidential information are low-risk and high-return. Data breaches are hard to prevent and difficult to prosecute.

Cybercriminals are constantly on the prowl looking for vulnerabilities to exploit. Thousands of computer networks, mobile electronic devices and personal computers are compromised every day. When hackers and crackers discover vulnerabilities they will exploit the weaknesses and attack for nefarious purposes.

A wise owner, manager or board member would want to answer the question posed in this document’s title, “Can your organization survive a cyber intrusion?”

Just honestly answer the questions that appear on the following page and test the robustness of the security of your company’s information system.

Quickly Test the Strength of Your Organization’s Computer Security

Answer the questions below with either a “Yes” or “No”.

1. Has your company adopted a formal, written information security plan?

2. Does your company have an inventory of all of its information assets?

3. Has each information asset been classified as to its importance?

4. Do all of your employees have information security awareness training?

5. Does your organization maintain a backup of its information in a secure, off-site location?

6. Are you certain that your organization is in compliance with all laws and regulations related to the collection, sharing and use of its private confidential information?

7. Do you have a plan to fend off a cyber attack and respond to a security incident?

8. Do you have a hardware and data destruction plan?

9. Does your company have a mobile security plan?

10. Does your company use access control policies?

11. Do your employees sign off on appropriate use policies?

12. Do you use encryption?

If you answered “No” to any of the above questions your organization is vulnerable to a cyber attack. It’s that simple. You are strongly advised to take steps to reduce the risks and strengthen the security of your computers and networks.

Become proactive about information security and start protecting your digital assets. Read and learn as much as you can about computer security. Make information assurance a mission. Pay as much attention to security practices throughout your organization as you do accounting, shipping and marketing.

Protecting the confidentiality, integrity and availability of your mission critical data should be one of your most important tasks. At Paladin we encourage you to make it happen.

What Should Your Employees Know About Computer Security?

The number one threat against the security of your information system is the insider threat. Make sure that your employees know how to safely function with computers. Failing to do so is a lack of due diligence on your part.

What employees should know, as a bare minimum, is listed below:

What type of information does your company process?

What are the employees’ basic responsibilities for information security?

What are the components of the organization’s password policy?

What are the security best practices that employees should follow?

What qualifies as a clean work area that supports security?

What type of threats should employees be on guard against?

What are some common attack methods?

What actions should employees take when an attack occurs?

What are the company’s email policies?

What are the company’s social media and web surfing policies?

Your employees should be aware of how raw data is processed to create information and how it is used by your business to make important decisions and a profit.

Get it wrong and the company loses.

The people who work for you and third parties who come into contact with your system should be viewed as possible threats. That is why an information security plan should be in place and everyone should be aware. Anything less is the equivalent of having your proverbial “pants down around your ankles”.

Every employee is responsible for computer security and the assurance of your digital assets. People who obtain and process company data should be aware of all their responsibilities. Those who work for you need to be aware and accountable.

Each individual who works in your organization should be security aware and know what to do in the event of an attempted or actual attack. Anything less and your people will fail.

Everyone should know how to maintain a safe workspace, in which sensitive papers are removed from view. Workers should know how to lock their keyboards to keep passersby from observing screens and accessing terminals.

All people in the company should know how to create and maintain robust passwords or multi-factor authentication. Passwords should be complex and periodically changed. An organization-wide digital security program should be maintained and periodically evaluated.

Policies relating to security should conform to business and industry best practices. They must be part of each employee’s security awareness training. For example, the people who work for you should know that storage media from outside of the office must be properly scanned before introducing it into your information system.

Your people should be aware of the common attack methods that cyber criminals and others use. A seemingly innocent request for information over the telephone could be the beginning of a social engineering attack designed to obtain crucial information to break into the company’s system.

Email needs to be a part of the organization’s policies for protecting sensitive information. Once again, having policies should be a part of an organization’s due diligence effort to keep cyber criminals at bay and out of your system. Your workers must know how to handle various situations that arise. Simply clicking on a malicious link could compromise your entire system.

The use of social media platforms and surfing the Internet could open up multiple avenues for malicious users into your system. Your employees need to know what is considered to be an acceptable practice when it comes to using Internet resources. Your company could be found liable, for example, if an employee wrote something disparaging about an ethnic group, or your assets could even be used for illegal purposes without your knowledge.

Maintaining the confidentiality, integrity and availability of your company’s mission critical information requires that those who work for your company should have the tools to do so. Having a formal information security plan is a basic necessity. You are in real trouble and have already lost the battle against cybercriminals if you don’t have a plan. And if you do have a plan and your employees are unaware – the same holds true.

You must start treating computer security as a business process.