If you think that your tangled Cat5 in the server room is a mess, wait until you look at your network drive file structure. Licensed from Stock Exchange.

This is the seventh post in a series about data breaches you can prevent. We’ve covered Phones and Personal Computing Devices, Your Browser, Your Inbox, Your Thumb and External Drives, Your Old Computer, and Your Cloud Backup. Finally, we’ll discuss Your Network Drives.

Most companies have an internal corporate network with one or more shared network drives. If your company network drive is typical, it’s a layered mess of multiple naming conventions, files from employees who haven’t been around for years, and old documents with unrecognizable file extensions. Frankly, it’s impossible for anyone to know exactly what’s there.

Sometimes breaches happen when the internal network is not properly segregated. Only individuals or departments with a “need to know” should have access to sensitive information. The Human Resource department should never have access to trade secrets, while the R&D department shouldn’t have access to HR data. The Executive team should have access to confidential client information, while that information might be best kept away from the Sales department.

Aside from inappropriate network segregation network drives, like all computer devices, are eventually replaced. Old hard drives are sometimes donated to schools, sold on Ebay, thrown away, recycled through Best Buy or a similar program, or just stored and forgotten.

Several researchers, including Simpson Garfinkle, have demonstrated that with a small budget you can recover hundreds of thousands of pieces of personal information from used hard drives. Like other computing devices, old network drives must be scanned and completely wiped of all sensitive personal information before they leave your possession.

Remember the fundamentals rules of all data breaches: 1. If you don’t have it, you can’t breach it. 2. Old, forgotten data is dangerous data. Regularly scan these seven types of devices for personal information so that your next breach doesn’t originate from your own computer.

Cloud backups are like giving your house keys to your neighbor; Except that your neighbor then gives it to his neighbors, but doesn't tell you which ones. Licensed from Stock Exchange.

This is the sixth post in a series about data breaches you can prevent. We’ve covered Phones and Personal Computing Devices , Your Browser, Your Inbox, Your Thumb and External Drives, and Your Old Computer. Next we’ll discuss Your Cloud Backup.

Online cloud computing gives individuals and small businesses access to Fortune 500 computing services, for dirt cheap or free. Consumers have the choice of hundreds of cloud backup and file sharing programs.

A cloud backup is much like giving a copy of your house key to your neighbor. By choosing a trusted neighbor, you can be sure that your house key won’t fall into the wrong hands, and you will be able to use it you ever lock yourself out. You will also be able to change your lock if your neighbor’s house is robbed, or retrieve the key if your neighbor’s house is foreclosed.

If a cloud provider is like your neighbor and your personal information is like your house key, cloud backups go one step further. Each time you give your key to the neighbor (that is, back up a file in the cloud), your neighbor then makes several copies of your key and gives it to several other neighbors he trusts. While this means your key will probably never be lost, you have no way to know who exactly has your key, and retrieving all of the keys may be impossible.

Online cloud computing is still in its infancy, and the legal status of cloud backups can get rather, shall we say… “cloudy.”
You must recognize that once the information leaves your computer, you have very little control over where it goes, who owns it, and how many copies are made, or in which countries the files are stored. You may even forfeit your right to permanently delete a file once you put it online, in the “cloud.”

This issue recently came into focus after what has been called the first documented Cloud Data Breach. A bug in Microsoft’s cloud systems exposed confidential information and caused PC World to lament, “You’d better get used to this kind of thing because we’ll be seeing a lot more of it in the future. All any of us can do is pray we’re not a victim.”

Be sure to scan any files you backup online for sensitive information. If you choose to use a cloud backup service, always encrypt personal information, trade secrets, confidential data from third parties, and other sensitive information before backing it up online. Encrypting this information will ensure that should a breach occur, the information will be unusable to an adversary.

I use a cloud backup service called Dropbox. I love it. I use the program to share non-sensitive pictures with my family who lives 2,000 miles away, and share corporate documents with co-workers.

However, if I really need to back up truly sensitive information, I always encrypt the files before I put them online. Before you do a wholesale backup of your entire “My Documents” folder, make absolutely sure that you either encrypt sensitive data, or exclude it from the online backup. That way if a Cloud breach happens, you can rest assured that you won’t be at increased risk.

Digital pack rat: You probably have a backed-up copy of your old 256 MB hard drive, don't you? Licensed from Stock Exchange.

This is the fifth post in a series about data breaches you can prevent. We’ve covered Phones and Personal Computing Devices , Your Browser, and Your Inbox, and Your Thumb and External Drives. Next we’ll discuss Your Old Windows 95 Computer.

Technology has made it easier than ever to be a digital pack rat. Cheap and plentiful memory probably means that you have backed-up a copy of your old 256 MB hard drive, which you also have stashed somewhere in your basement. Before blindly making back-up copies of old hard drives, make sure that you first delete any information you don’t want to save.

I see this problem haunt people across the country. Once a week a university professor somewhere in the United States copies an archived copy of an old hard drive to a web server, without realizing that the hard drive contained social security numbers of students who graduated a decade earlier. Within weeks those social security numbers can be available to the world via Google.

If you’re a digital pack rat, make sure you scan those old hard drives for sensitive personal information before making backups. Your old hard drive is one of the biggest sources of preventable data breaches you’ll never hear about.

The Law of Portable Device Breaches says that the risk of losing a device, and the information thereon, is directly proportional to its portability. Licensed from Stock Exchange

This post is the fourth in a series about data breaches you can prevent. We’ve covered Phones and Personal Computing Devices , Your Browser, and Your Inbox. Here we’ll explore Your Thumb and External Drives.

Just about anything that can store information can be used to store sensitive personal information. Whether you use an external drive to back up sensitive data, or use a thumb drive to transfer large files from one computer to another. The Law of Portable Device Breaches (which I just made up) says that the risk of losing a device, and the information thereon, is directly proportional to its portability. In real terms, this extremely scientific law means that you’re more likely to leave your cell phone at the bar than your desktop computer.

Readers of this blog no doubt assiduously delete sensitive information from portable devices on a regular basis. But simply deleting files doesn’t actually erase the data. Just like cranberry juice on white linen, personal information stains hard drives.

Simply throwing a stained table cloth in the washing machine won’t remove cranberry juice stains. Likewise, simply hitting the “delete” key and emptying the recycle bin won’t completely remove personal information from your thumb or external hard drive. The hard drive usually remains stained with the sensitive information, which may be recovered until you proverbially “scrub” the drive. This scrubbing is called “shredding” the file, and typically requires at least a three-step deletion process whereby each byte is individually overwritten.

You should always think twice before copying sensitive files, such as tax documents, pictures, passwords, or confidential documents to removable media. Regularly scan removable media forgotten personal information so that when you leave your thumb drive in the taxicab, you don’t accidentally cause your own data breach.

Do you really know where that 2007 list of emailed SSNs is? Licensed from Stock Exchange.

This post is the third in a series about data breaches you can prevent. We’ve already covered Phones and Personal Computing Devices and Your Browser. The next source we’ll explore is Your Inbox.

Many people use web email as an extra online hard drive, saving important files and attachments in an easy-to access location. Yet because other people send you information via email, ironically you have less control over what’s in your inbox than on your hard drive. And the fact that the each email is stored in multiple places makes your inbox an important and often overlooked source of breaches.

Every email can be copied and stored on more than a dozen devices, many of which are not secure. Every time Outlook or Thunderbird checks for new email, a copy of that email or webmail is stored on your local computer. Smart phones also create local copies of your email so that you can open an attachment or read notes from your boss even if you don’t have access to the internet. A copy of every email you write is often stored on your local device (such as your phone), local servers (such as a work server), remote servers (like gmail.com), your desktop, your laptop, as well as all of the devices belonging to the recipient. The “Send” button should be more appropriately labeled “Make more than a dozen copies of this email and send them to insecure devices across the world.”

Keeping track of everything in your inbox and sent folder is a super-human task. Though most of your hundreds of daily emails are mundane, occasionally an unenlightened coworker might send you excel file entitled “Client Social Security Numbers,” or “Customer Username and Passwords.” Once your coworker hits send, the rogue file is copied to hard drives, cell phones, and servers across the world. Without your knowledge, the sensitive information quietly copies itself to your computers and cell phones.

With every copy of the email or personal information, the risks of a breach increase. And each day you receive hundreds of new emails, it is easy to lose track of old emails you were meaning to delete, but are now buried and forgotten. Old, forgotten data is dangerous because it is easily lost or misplaced. Lost email may create a significant breach of personal information, so make sure you are aware what’s in your inbox, because you shouldn’t expect to get a notification if your sensitive email ever falls into the wrong hands.

Your Stored Passwords: Not exactly secured. Licensed from Stock Exchange.

This post is the second in a series about data breaches you can prevent. We’ve already covered Phones and Personal Computing Devices. The next source we’ll explore is Your Browser.

Laptops, desktop computers and smartphones all have built-in internet browsers. A typical browser can store hundreds of passwords and usernames, credit card numbers, contact information, and browsing history. Even though we use our smart phone browsers to do a significant number of online transactions, typical smart phone browsers do not allow users the same degree of privacy control as desktop browsers.

Aside from browser hacks and viruses, it’s important to remember that your browser caches remain intact and accessible even after the machine is lost, stolen, or sold. That’s one reason why it’s important to scan your browsers for personal information and delete unnecessary information, and use a master password whenever possible.
I fancy myself a fairly savvy and privacy-aware individual. I use Firefox and have installed several plugins to help me manage my privacy, including Better Privacy, GoogleShairng, a few PrivacyChoice Plugins, and Abine’s TACO. But when I ran an Identity Finder search, even I was shocked to see the depth of information that my browser stored. It was very sobering to see that my usernames, passwords, and credit card numbers were accessible in plain text. Fortunately, Identity Finder allowed me to delete or secure all of that information.

If your browser caches are ever lost, it may represent a significant breach of personal information. So make sure you are aware what information your browser is storing, because you shouldn’t expect to get a letter in the mail if it ever falls into the wrong hands.

Smart phones are now portable computers which just happen to make calls. Licensed from Stock Exchange.

This post is the first in a series about preventable data breaches. Most Americans have received a letter, telling them that their personal information has been breached. But there are many breaches you’ll never hear about, and many of them are right under your nose. The first source we’ll explore is Your Phone and Personal Computing Device.

Remember when cell phones were telephones? Those days are long gone. The current generation of smart phones are powerful computing devices which just happen to also make phone calls.

Your personal computing devices perform almost all of the functions of a laptop computer. Smart phones, iPads, Kindles, and other devices are notoriously easy to lose, and store gigabytes of files, passwords, credit card numbers, social security numbers, digital photos, address books, and email attachments. Because of the wealth of personal information on a cell phone, most people would rather lose their wallets, and nearly all respondents to a 2009 survey said they would be “devastated” if they lost their phone.

Upgrading your phone can be as risky as losing it. Some people donate their old phones to charity or sell them on Ebay, and experts warn that personal information on the phone could easily be mined and re-sold. Periodically search your cell phone for personal information, and make sure that you digitally shred the entire contents of your mobile device before you get rid of it.