I’d like to discuss Media Protection (MP). Its title is self-explanatory, but it’s a vast topic.
Protecting media is so important. Say you’re a victim of crime and your computer is stolen. If your hard drive is encrypted, its data is probably useless to the person who possesses it. You’re only out the cost of the machine. Usually. Not always.
If you keep sensitive data encrypted in a separate encrypted container on your encrypted drive, it may be more difficult to access if someone “hacks” into your computer. It’s not enough if you keep your financial data “in the open” on your computer. Case in point: I don’t keep my password manager (PWM) open unless I need it to access an account. I open the PWM, log into the account, and close the PWM. So, if someone accesses my computer, they need to be there when I open it. It’s not a perfect control, but it does make it more difficult to see my passwords.
Backups: If you secure your computer with encryption, and under lock and key – great. But if you’re sloppy with the backups, like if they’re unencrypted and easy to access, you’re vulnerable. There have been many cases where a company is good about backing up its systems/machines, but then the media is stowed somewhere unsecured and the data gets stolen, discarded, whatever.
Media Sanitization: What do you do with the old or defective hard drives, flash drives, laptops, or even disks? Although you may not be able to access the data, a pro may. Be very careful when disposing of computers or donating them to charities. There are ways to do it safely.
Media Marking: How do you tell sensitive data from non-sensitive data? Let’s go back to flash drives. Maybe color code them red, yellow, or green like a stoplight? You should also mark the media with what’s on it. This way, if you want to hand it to a coworker or family member, you may say, wait, maybe that’s not a good idea.
Now, this could have negative consequences too. If a dishonest person sees the word “passwords” on a file, document, or whatever, they know it’s “the goods”. In this case, it’s important to make sure you have additional controls.
As always, do your research before you do anything. And do it slowly.