There was no sensitive data on the iPad, just in case something like this ever happened. Security features are enabled anyway.

When I arrived hours later the receptionist said they hadn’t heard anything about any missing devices. I checked and now Find my iPhone showed the device’s location to be about 30 miles away, complete with an address and a satellite view of a residence.

I asked if they had any idea why my iPad would be at such and such address. The helpful person at the desk said, “Can you wait a moment? I need to call the owner of my company.”

I was told that the address was that of an employee whom they’d had other problems with before. They informed me that, after the phone call, the owner had actually driven to the home, recovered the iPad, and terminated the person on the spot. Hopefully the owner isn’t the kind of terminator that Arnold Schwarzenegger portrayed in the Sci-Fi movie. I told them not to fire the guy—maybe he is just trying to feed his family and losing his job wouldn’t help him. It was just nice to know I’d have the iPad back soon.

Your device can tell you, “I’ll be back!” with that thick German accent, “Ahl be bock!”

Turn on a locating service for your device today.

Please post your comments on this blog.

They drop this in the trash and nobody really notices. Even when they come back to retrieve the goods from the trash, nobody pays much attention then either.

Watch the garbage practices at your organization!

Please post your comment on this blog.

Physical security even includes examining how prepared you are from major weather incidents to becoming prepared if someone comes into your organization with a gun. Locks are examined, practices of your team members, security policies, security alarm response time, and the effectiveness of video security CCTV cameras. Even the lighting around your building at night is important to have examined. Physical security auditors frequently have more than 200 checkpoints to examine so you can feel more confident that you are prepared.

The more prepared you are, including both IT and physical security, the better you will survive, and hopefully protect against, a breach of some kind. Not only that, you may be required by regulations to be audited for physical security.

Please post your comments on this blog.

Let’s see—the only way I can think of is to never share any client data with your employees—ever. Even without computers, if an employee is privy to client data, they may “steal” that and use it for other purposes.

The goal is to protect private client data—and you may choose to never enter that into a computer system your employees can access—or never enter it into a computer at all.

If your employees do want to access client data, and you just do not want the employees to be able to easily take large amounts of information, the challenges increase dramatically. Even so, the possibilities are closer than you may realize. Thanks to application delivery and virtualization technologies, you can allow employees to work from home, or the office, without having information stay resident on their computer. You can also restrict them from being able to:

• Save to a local drive
• Print information
• Copy and paste outside your protected space
• Or otherwise retain any information

However, there is little to stop an e-savvy employee from using a digital camera to take a screenshot, or using a yellow sticky note to write down someone’s credit card information or social security number. At least these kinds of activities take “time,” so you are restricting the speed of stealing data.

For what technology cannot solve, your corporate legal advisors can step in. They can help you with non-disclosure agreements, acceptable usage policies, and other agreements for your workers to sign. The key point here is that these do not necessarily prevent the theft, but they do provide you some recourse if the employee is ever caught.

There is even IT data security insurance. If your insurance provider does not offer this service, or if you want to shop around, I know someone who does offer IT security insurance.

In some organizations, prevention is crucial. Once the data gets out, the organization may be damaged beyond repair.

To prevent an employee from e-mailing themselves a client list, there are Data Loss Prevention DLP tools available in the world. They watch for suspicious behavior and can quarantine such messages before sending them out. That delay gives the responsible person in your organization the opportunity to stop the data before it leaves.

There are other strategies as well:

• Provide people with only the information they need to know. A good book full of these examples is Blind Man’s Bluff: The Untold Story of American Submarine Espionage by Sherry Sontag and Christopher Drew.
• Rotate employees through specific duties so their time to do harm is limited.
• Force employees to take mandatory vacations during which time illegal behaviors may be detected.
• Have a separation of duties such that it would be difficult for one employee to commit fraud all by themselves.

While “total protection” may result in your employees not being able to function, there are strategies that can provide you with both productivity and security.

Please post your comments on the blog.

You can watch the short video on this story. Keep in mind that more and more social media tools are offering a service, sometimes turned on by default without your knowledge, to broadcast your GPS position.

Choose your friends online wisely. Watch two videos that demonstrate this principle:

• Facebook Identity Theft: Office Romance Goes Wrong When Facebook Profile is Hacked
• Car Wreck Car Crash and Social Internet Safety

For suggestions on how to be safe online using social media, visit www.learntobesafeonline.com

I am running Windows 7 on two of my machines and am impressed so far. This seems to be what I expected from Vista finally delivered.

More Power: One of the biggest reasons I want to let go of XP and move to Windows 7 is that the 64-bit version of Windows 7 can take advantage of more memory and processing power, and it seems the drivers are catching up better than in the 64-bit version of XP.

More Security: Eventually, and likely even out of the box, Windows 7 will be more secure. Poor old XP was released when most of us would use our telephone modem (remember those screeching sounds?) to connect to the Internet whenever we wanted to browse the web or use e-mail.  It is time for the new generation of operating system.

So should you switch ASAP? Yes, on one or two computers.  No, definitely not for the entire office until you thoroughly test one or two computers first to be sure they will be stable with all of the applications your office uses. Then, after that, you will probably want to start upgrading all of your machines.

There are documented problems of employees “taking data home to work on it” and then they lose their memory stick, hard drive, or laptop and the data falls into the wrong hands.  Other employees copy data and send it to competitors. In addition, often, users unwittingly send out private information through insecure channels.

For example, if you stop users from being able to plug in USB memory sticks and portable hard drives, they will burn the data to CD’s or DVD’s. If you stop them from using CD’s and DVD’s, they will e-mail the information to themselves. If you stop them from e-mailing the information through your server, they will get a web mail account and use that to e-mail the data. If you manage to block sending data through webmail, they will find a remote access tool that allows them to transfer files to a remote computer. And so on – it seems that “plugging the holes” is next to impossible.

This is where Data Loss Prevention tools come into play. They restrict users from intentionally, and even unintentionally, sending out private information through any means.

These systems monitor to detect and prevent sensitive information from leaving your organization through any means. If you approve for some users to use removable media such as an external hard drive or USB memory stick, the media can be automatically encrypted without the user knowing what to do.  Some software will even stop users from using the “print screen” option to steal data that way.

When a user unintentionally attempts to copy data, a window pops up explaining that their attempt was blocked and why. This helps educate users about what is and what is not acceptable. This kind of real-time feedback can also generate logs for managers who are looking for trends in employee behavior.

If your organization has intellectual property, private information, or falls within government regulations, it is time to talk to your IT professionals about implementing data loss prevention technology.

The simple solution? Have your IT professionals use full disk encryption on all laptops and then even the desktops. This means the data is scrambled on the device until the user enters their normal login. The setup is simple, the computer remains fast, and the user needs no additional training.

If your IT department isn’t setting up full disk encryption for all computers yet, ask them to start today.

Some people choose to use a different browser other than IE. I use Firefox, Chrome, and Internet Explorer depending on the task. You may choose to switch browsers or use other browsers as well. Just keep in mind that ALL browsers need to stay patched and current. If your organization uses WSUS for patches, keep in mind that WSUS will patch IE but will not patch Firefox centrally – a reason to consider staying on IE.

The most important thing is, no matter what browser you use, be sure to keep all the applications, operating systems, and firmware in your devices patched with the latest security patches. If you continue to use IE, be sure to backup your computers and apply the patch using a staged deployment when Microsoft releases the patch on Wednesday.