|Homepage / Publications & Opinion / Silicon.com
How could I have been so stupid?
Written at home after a sleepless night thinking about real risks and dispatched via my home LAN.
Without revealing what I did or how and where I did it, I have to confess to having just done something absolutely stupid.
Why? The probable culprits are tiredness, overload and my ageing brain. But the result was a seven-hour window when my company and personal defences were significantly degraded. Or as Scotty would have said - our shields are down to 60 per cent and only just holding.
While travelling I lost control of a couple of hard drives containing more than 100GB of information. This was something I had never done before in all my decades traversing the planet. My immediate reaction was, "Oh well - no problem. All the data on the drives is secure."
Then my brain started whirring and it occurred to me that the state of security on those drives was originally established some years ago. As I played out the role of a would-be criminal in my mind, my unease started to increase.
The arrival of new software tools and social networks had occurred since I acquired the drives. What if you collected partial information from the hard drives and several of these sites? Would you be able to do any real and lasting damage?
The loss occurred at 10.30PM at an airport but I didn't realise that the drives were missing until 11.45PM - and the airport didn't reopen until 6.30AM the next day. By 1.30AM I was lying in bed mentally defrauding myself and stealing my own identity.
Could a criminal have done it? I concluded that a clever one could. The next morning I was thankful and very relieved to recover the drives and get back to normal.
But task number one was to try out my many devilish scenarios to see if the risk was real. It was. I could have done myself a lot of damage.
What did I learn? Something I really know well: security measures have to be continually reviewed in the context of a back-drop of accelerating technology, deviousness and social complexity that increasingly puts us all at risk.
The incident was entirely my fault. I raise my hand - guilty your honour. But I can guarantee that everyone reading this, and every company in the land, is also guilty by default. It is just so very hard to be vigilant all the time. Sooner or later we let our guard slip.
So here are my recommendations:
It is also worth remembering that most information has a very short half-life and may therefore warrant fairly minimal protection. But in contrast things of this nature remain important and useful to the criminal even after we have departed this life:
The last scare I had of this nature occurred well over 10 years ago, and that was the second in my life.
Hopefully, having now had three over the past 20 years, there won't be another one. But I'm not betting on it.