After reviewing my files, it turns out I've been a bit sloppy -- there were definitely some files on my hard drive from which customer data could be harvested if my laptop was stolen. Mind you, it would take some effort, but all the same, the data was accessible. So, I moved those files to my TrueCrypt volume or I deleted them.
As you may recall from a March 2008 blog post, TrueCrypt is free, open-source software that you can run on your computer to provide encryption for your files. The nice thing about TrueCrypt is that the encrypted volume looks and feels just like another hard drive -- anyone can use it.
The other security practice I was already using was keeping my passwords secure. All of us have too many usernames and passwords to remember. (Remember, if you use the same password for every site, then if one password is cracked, they all are.) I use RoboForm (see prior blog post), which allows me to store and easily access my usernames and passwords, all the while being secured by a single master password -- very similar to how TrueCrypt provides a master password for your encrypted files.
So now I've reinstituted secure file management and continue to secure my passwords, but there must be more...
- In theory, my email and contacts should be secure if no one has my login. Perhaps some research to better understand the risks and protections might be in order.
- The same applies to the access I have to email and contacts on my phone. I've just added a password to my phone, so at least it's a little more difficult to get into it if lost or stolen.
- My wireless network has a strong secure password, but if my laptop is compromised, what are my risks? Perhaps some additional research in this area would be good, too.
- Of course I keep my OS patched -- auto-notification and diligence in applying them.
- I have current, up-to-date virus protection.
- I only ever use Internet Explorer on websites that I know and am required to use for work.
- I keep common plug-ins such as Flash up-to-date.