Safe Zone LLC - Travel Safety, Article 5 - Information and Data Security

Travel Safety, Article 5
Information and Data Security:

Let's start this section by dousing a myth. Your telephone conversation is private. Wrong! There is no such thing as private communications. Whether you are talking on a land line or a wireless device, the odds are very good that someone is listening to your conversation. The longer the distance your conversation travels and the more wireless devices you employ, the more likely it is that someone is listening in.

Communications companies monitor their equipment. They have to. Whether it is a technician in the field, in the central office, a toll center, or a cellular site, they often monitor conversations for a variety of reasons all related to their job. While most companies forbid employees from monitoring calls just for the sake of monitoring them it happens with some regularity. With today's digital equipment, you never know someone is listening. Voice Over Internet Protocol (VOIP) simply adds another layer of technology to the mix.

Federal law forbids communication employees from disclosing information contained in the conversations they hear but monitoring the call is legal.

In simplistic terms, you can think of any wireless device, cordless phone or cellular device, as a two way radio. Anyone on the same frequency can monitor the call. It's a bit more complicated than that, particularly with cellular because the phone and the tower operate on different frequencies but the call can be monitored. While analog devices are much more prone to monitoring than digital devices the safest rule of thumb is assume your call is being monitored.

Unless you've been living in a cave, you know the news is filled today with the Federal Government's efforts to monitor cellular phone calls as one means of fighting terrorism. That is another group that may be monitoring your calls. So, what's the big deal? Giving your credit card information over the phone is one thing. If someone picks up the information and uses your card number you are protected after the first $50 dollars. Providing information on your bank account or 401K account over the phone is something else all together.

Let's assume your spouse calls you and asks you what your social security number is. Instead of rattling it off, your answer might be, "the same as yours but the last four digits are XXXX". That allows you to convey the information without allowing anyone that might be listening to know what your social security number is.

Establish easily remembered but non-intuitive passwords for critical information. It may be something as simple as your mother's zip code followed by your initials. Six months down the road if your husband calls and asks for the password to that account your response is, "mom's zipcode". That should be enough to trigger an, "oh, yea. right." Obviously, that is something that has to be set up in advance.

Protecting Data on Laptops:
We recommend following a two step security process:

Do not store any sensitive data on a laptop when traveling internationally.
If sensitive information must be stored or used on a laptop’s hard drive, the information should be encrypted.

If you travel internationally, then you need to understand that foreign governments simply don't operate by the same rules. It is not uncommon for the foreign government's security or intelligence organizations to operate in complete cooperation with hotel staff. They will enter your room and photograph any business documents and download data from a laptop. Their goal is not to steal anything other than the data. In intelligence circles it's called a "black bag operation". Some countries, like China, have customs regulations that provide for the seizure of computers to review contents. Encrypted information must be decrypted or decryption keys provided.

Never take encrypted data into a country that forbids it. See below for additional information.

Sensitive data may include your:

Social Security Number
Driver’s license number
Income tax returns
Bank account numbers
Credit or debit card numbers
Other banking information in combination with any required security code, access code, or password that would permit access to an individual’s financial account.
Any information deemed sensitive to your business such as:

Customer data
Business financials
Business security codes, including door codes.
Research data
Intellecual property

Laptop computers should be protected by ensuring you have them in your possession at all times or by using a locking mechanism such as a Kensington lock.

One of our colleagues left his briefcase containing his laptop in a conference room long enough to walk to a cafeteria and bring back his lunch. In the space of ten minutes, someone had stolen the laptop but left the briefcase sitting where our colleague had left it. No one questions a person walking down the hall with a laptop. Everyone just assumes it belongs to that person.

Information Security Measures:

Install host-based protections including a personal firewall, anti-virus software, and anti spyware software.

Make certain your laptop is set up to apply all security patches for your operating system and web browser.

Ensure that there is a required login/password for the operating system. Implement BIOS and hard drive password locking on your laptop to make it difficult to access your data if your laptop is stolen.

Change all passwords after each trip as a precaution.
Encrypt folders containing sensitive data to reduce the chances that a thief or hacker will be able to access your data.
Consider the purchase of asset tracking software at the time of your purchase.

It allows you to trace your PC if it is stolen and can delete data remotely. Here is a write up by Absolute Software on one of their products.

"ComputraceComplete provides Computer Theft Recovery, Data Protection and Secure Asset Tracking^tm. The product is centrally managed by IT, and meant for customers with large populations of remote and mobile users. In the area of computer theft, the product deters theft, minimizes computer drift and recovers stolen computers. If your computer is stolen, the Absolute Recovery Team partners with law enforcement to track and recover it within 60 days or you may be eligible to receive up to $1000 back through our Recovery Guarantee. The remote data deletion function ("Data Delete") enables customers to remotely delete sensitive data on target computers that have been stolen or lost. It can also be used for lifecycle management to ensure that computers are left clean and free of sensitive data at the end of their life or lease. For IT asset management, ComputraceComplete gives IT staff visibility to up to 100% of their connected computer assets, including the 40% of computer assets that Gartner Group says are unaccounted for at any given point in time."

Turn off file-sharing and print-sharing before traveling.

Turn off your Bluetooth or WiFi connections when you are not using them.
Use shredder software to destroy deleted files. Just because you deleted those files from your hard drive does not mean someone cannot retrieve them later. A good choice is Window Washer from Webroot.com.
Do not store any data on computers if traveling to countries with encryption restrictions. Refer to the following U.S. Department of State Web page:

“Consular Information Sheets” (http://travel.state.gov/travel/cis_pa_tw/cis/cis_1765.html)

Backup your data before traveling and leave the backup at home.

Never use public Internet kiosks for any type of work dealing with financial or sensitive information.
Don't forget about data stored on MP3 players, mobile phones and USB memory drives. Protect them as you would your hard drive.
We have come to the end of the section on data security and to the end of the information on personal, family, home and travel safety. If you have adhered to the information we have provided you then the chances are very good that you will not become a victim and, if you do, you will have the skills and knowledge to mitigate your loss. There is only one thing left to do and that is to develop a family disaster recovery plan. If you are ready to begin work on your plan, we'll help you through it, step by step. We have the most robust plan available and it comes complete with step by step instructions. We'll cover some preliminary information first, then take you on to the plan. If you're ready, just click here.

©2007 Safe Zone LLC - Home