Data security has been on my mind lately, mostly after learningthat approximately 700,000 laptops are stolen in the US per year.Add the armies of desktops stolen, the backup tapes lost, and thesystem compromises that occur, and the situation starts tolook pretty grim for data security.
How secure is your data?
If someone stole your desktop, or snatched your laptop fromunder you at a coffee shop, what confidential information couldthey gain?
While most thieves aren’t of the capacity or motivation tocrack the syskey or circumvent NTFS permissions (which is aseasy as booting up with a knoppix disc. File ACLs only matterif the expected host operating system is in charge), your responseshould be to assume that they do, and that they are nowreading all of your documents, looking at all of your shortcuts andform entry values, browsing your Outlook notes of account numbersand passwords, and are playing with your tax returns.
The real-world cost of such a compromise can be extraordinary.Losing an expensive piece of equipment can be annoying, but itpales compared to the wholesale loss of data privacy.
Do you use EFS (more information here) Do you have a Data Recovery key with theprivate key stored offline in a protected location Do you knowwhat syskeydoes Are you aware of the upcoming Secure Startup (which basically is whole volumeencryption)?
Are you comfortable enough with your procedures that thephysical loss of a computer to theft would be nothing more than afinancial expense and setup hassle, with marginal or no dataexposure?