In the last few days, some 13,000 residents in the Gulf region, including Louisiana, Mississippi, Alabama, and Florida, received letters from the BP. It seems that a BP employee lost his laptop. Laptops go missing all the time. Their very portability is also one of their biggest problems. Now an employee losing his laptop is not necessarily news-worthy, and certainly not cause in and of itself to bother those folks in the Gulf region. Goodness knows they’ve been bothered enough already by BP. It turns out that the employee had personal information about those 13,000 employees (read, their names and social security numbers along with all sorts of other interesting tidbits about the claims they made for losses caused by the Deepwater Horizon incident) on that laptop. And the laptop was unencrypted. What is the significance of encryption? It means
that a single layer of protection was in place to guard all that information - a logon password. If the thief removes the hard drive from the laptop, the information on that drive is there for the taking. As if those folks have not already endured enough, now they need to be worried about identity theft.
In my former life (pre-retirement), I was an Information Security Officer, and it was my job to be sure we (the State of California) took good care of the information we collected. Not wanting to rant on a soapbox here, I won’t go into the drill about what that entails. But I do want to say a few words about personal information and the things we all need to do to protect ourselves:
1. Shred those credit card ‘invitations’ you get in the mail. It is amazing what unscrupulous people can do in your name with those invitations after they fish them out of your trash.
Don’t give your social security number (unless it is for tax purposes – the original reason SSNs were created). I am not sure what BP was doing with those SSNs, besides using them as identification numbers, not one of the things allowed to do with them.
Don’t put anything in an email or text message that you are not okay seeing in somebody’s Facebook post, blog, or the front page of a newspaper. This includes your personal and financial information.
If you keep personal information on your laptop (and who doesn’t??), encrypt the laptop, or at the very least, encrypt the personal information. Make sure you have a ‘strong’ logon password, and if possible a password to access the personal information. It is a pain to deal with passwords, true, but if your laptop walks away someday, you’ll rest a little easier knowing the miscreants will have to work a bit harder to get to your stuff.
Keep a current backup of your laptop somewhere safe. If the laptop disappears, you’ll want that backup for all kinds of reasons.