 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
On 08/17/2011 06:52 PM, Richard Pieri wrote: > As a data point: I don't bother with whole disk encryption. I don't need it. I don't leave my gear where it can be stolen. > > The average computer user with sensitive data on a laptop doesn't own that laptop, and thus is careless with it. Without fear of reprisal or personal loss there is no incentive to act responsibly. WDD is, ultimately, a technical solution to a social problem, which is why it doesn't work. The issue is that there are many people who are issued laptops by their employer, and these laptops do have sensitive data on them. We had a case last night where one of our members showed up at the CBC, and his work laptop had been stolen out of his car in front of the Cambridge Police Department. Certainly, any employee who has custody of company property should be advised about securing company property. I'm surprised that corporate IT does not enforce any encryption of data on laptops. I do think the whole issue is, as you point out, "a social problem". Companies provide laptops (and tablets) to employees essentially so they can do work somewhere away from the office. In our case, our Financial Engineers might have sensitive financial data in models, sales people may have sales data, contacts and customer profiles, et. al. One solution is yours, don't leave it where it can get stolen. But someone might be on his way home from work and stop at the market to pick up some stuff for home. If I were a thief, a suburban supermarket parking lot might be an ideal place. Last night I left my Color Nook and netbook in the front seat of my car at MIT when I went to the CBC, but I don't have any sensitive data on either. Most thieves don't care about the data, they simply want to resell to make a quick buck. So, what is a good practice for an employee who has company property that may contain some sensitive data? 1 solution is certainly whole disk encryption. This solution is certainly workable as long as it has a decent password. If I were the IT head at a company, I would opt for that solution. Another is simply good practices. If you are in your car and may stop, put the gear in the trunk where it is out of sight. Most thefts are opportunity. But, many people need their laptops out of the office for many good reasons, work at home, travel, visit customer sites, go to BLU meetings... -- Jerry Feldman <gaf at blu.org> Boston Linux and Unix PGP key id: 537C5846 PGP Key fingerprint: 3D1B 8377 A3C0 A5F2 ECBB CA3B 4607 4319 537C 5846
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
