Thursday, 16 April 2015

Avoid the ‘I told you so’ lecture at all costs

You would never dream of putting your hard copy bank statement in the bin, would you? Not without at least tearing it up into little pieces. Maybe you bought one of those home-shredders? It is the same at work. If you print out something confidential, you are careful with it. You would not leave it out on your desk whilst you nipped to the loo, and you would shred it if you threw it away. It is second nature. You know something contains sensitive information and you are sensibly careful with it.

Which makes some people’s attitude towards IT data security unfathomable. The same person who bought one of those home-shredders to destroy their private correspondence, left their old PC at the local tip, in the dry WEEE store, without any real idea what would be done with it, and ignoring the fact that all that correspondence and more is still on the hard drive. Every word, every account number, every little detail of your life.

Mr Spock would call it illogical. We do not seem to connect the hardware to the printout. No one would bother to turn that old PC on and dig around for old personal files, would they? Well yes they would actually. Because data, information of almost any sort, is valuable. Cyber crime is on the rise and no one really knows what will happen next, because it is quite new. We have only really been using computers for twenty five years or so, and the internet is even younger. 

The basic bottom line is if it is valuable, someone will try to nick it.

So our apathy is getting more and more dangerous. We have to wise up here. However you do it and whoever you use, you need to sanitise your data before you dispose of any piece of kit. Be it a phone or a laptop, a tablet or a printer, think about the memory. It may only be a small percentage of people that get caught out this way but why would you want to be one of them?

When you get rid of anything with a memory you are taking a risk, a gamble. Every single time. As soon as you let that old PC out of your sight, you have given your data to someone else. Serious if you are a consumer, bloody scary if you are a business. Because as a consumer, you are only risking your own data, your own identity, your own bank balance. But as a business, you risk other people’s data, and as such you have a duty of care. You can be heavily fined and soon imprisoned if you do not fulfil that duty of care.

Lightning rarely strikes but when it does, it tends to hurt. I’ll give you another little example from my own life. In my private life, a pair of jeans is second skin to me. And for forty odd years I always put my wallet in my back pocket. Never gave it a second thought. My then wife used to nag me about it when we went out. She said it was easy to steal, in plain sight, but I doubted anyone could take my wallet out of my pocket without me noticing. And it had never happened...until one day at Crawley cinema. It was heaving and I was focussing on my son, then little more than a toddler, who was doing his best to get lost in the crowds. I caught him and took him back to his Mum, who was queuing for a drink. I went to pay...and no wallet.

An expensive lesson which got me the ‘I told you so’ lecture. Which no man ever wants to hear. So now I am a little more careful. In busy places, I move my wallet to a less obvious place. I manage the risk. Which is, as I may have said before, what data safe IT recycling is really about.

We do have to change our collective attitude to data security. There is no alternative. Cyber crime is not going to go away. You know I am right. Every person I sit down and talk this through with in any detail ends up agreeing with me. You cannot trust dumb luck to protect you, and you cannot do half a job and expect to stay safe. Sooner or later your luck always runs out. Do it, and if you are going to do it, do it properly.

Otherwise I am going to be right here saying I told you so!