Security's Everyman

Security's Everyman

Thursday, February 07, 2008

Odd things

Sometimes odd things happen one right after another. I've had one of those weeks. It started a few days ago when I was walking to lunch. I got to the restaurant and ordered my food to go. As I was waiting I touched my hand to my phone which I keep on the right side of my hip. Next to it I keep a belt clip that has my Employee ID, Door Access card and Transit card. As I felt my phone I noticed that something didn't seem right. My belt clip and cards were gone. I immediately started to panic. I work in Atlanta and foot traffic is heavy. I was sure that someone had picked it up and I was hoping that they would take it to my office and leave it at the security desk. Luckily my food arrived at that time and I started to retrace my steps. I found it about half way between the office and the restaurant. It was in the middle of the road and I watched 3 cars run over it. I was able to retrieve it and except for the clip it was undamaged.

I was listening to Pauldotcom Security Weekly (an odd thing in itself :)) the other day and they were talking about lost laptops and Paul was saying that he never leaves his laptop unattended. He makes sure he carries it with him everywhere to prevent it from getting stolen. I'm pretty much the same way. If I'm going somewhere and I know that I won't need my laptop I leave it at home. If I'm one my way to or from work and I have to stop somewhere I will take it with me instead of leaving it in the car.

Well, yesterday I had to drive to work because I missed the bus into town. The temp light on my Jeep came on about 1/2 the way there. I pulled over to let it cool down and decided that I needed to replace the thermostat (I've been putting it off). So during lunch I grabbed a thermostat and planned on changing it in the parking garage after work. Since I usually dress in a Shirt and Tie I needed to change before doing the work. I grabbed my laptop bag and headed down to the locker room where I keep my workout clothes and changed into a pair of shorts and a tee shirt. I grabbed my stuff and headed to the parking deck to start working. I replaced the thermostat, added some coolant and hit the road. Unfortunately it seems that the thermostat wasn't the problem because the temp light came on again about 1/2 way home. More troubleshooting needed.

As I got home and started to grab my stuff it hit me that my laptop bag was NOT in the car. I really panicked this time. I had visions of it sitting in the parking garage thinking that I had set it on the ground beside my Jeep while I worked on it and forgot to put it in when I left. I searched my mind trying to remember where I may have left it. Was it still in my office? WHERE!?!?!?! Then it hit me that I had left it in the locker room. My panic subsided a little because it is an employee only facility, but I was still worried none the less. So I grabbed my 2 girls and hit the road to go back to the office and get it. It was still there and had been undisturbed. I guess if anyone saw it they just assumed that it belonged there. WHEW!!!

Both of these incidents could have had much worse endings. The loss of my cards could have given someone unauthorized access to the facility (and lots of free train rides). We have processes in place so that I can disable the cards quickly so that would have reduced the window of opportunity. The laptop loss would not have been such a big deal since I use TrueCrypt (they now have whole disk encryption now) and keep all of my data on the encrypted volume. It would have been a headache more than anything.

So lessons learned. PAY ATTENTION!!!!! Don't get so distracted by what is going on around you that you lose focus on important things.

1 comment:

LonerVamp said...

Of course, one could give employees the tools and empowerment to make these sorts of mistakes. Let's assume both of your incidents turned out with completely missing gear (ID card and laptop).

Employees should be readily able to report a missing access/ID card and start the process for a new one, and de-activation of the old one. No tail-gating for a few days, putting off the notice!

Lost laptops can be encrypted so outsiders really get nothing except the hardware, which is a trivial cost. To alleviate the pain of lost data for the employee in question, backups to a central location can restore most stuff. This backup is easier said than done, sadly.

But still, even if not everything was backed up (files on the Desktop or random C drive locations and stored passwords), hopefully the damage is minimal and contained, and easily illustrated/tested. Take away the laptop or simulate an HD failure. :D

Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.