US UNDERSTANDING WHAT IS ON YOUR COMPUTER AND PROTECTING IT PROTECTING Understanding What Data Lives onYour Computer , Smart-Phone or PDA

Understanding What Data Lives onYour Computer , Smart-Phone or PDA

From Brian Koerner,
Your Guide to Identity Theft.
FREE Newsletter. Sign Up Now!
Part One in a Two Part Series

Why Understanding the Data on Your Device is Important:

There are a variety of strategies that are available to you to secure your computer, smart-phone or PDA--or more importantly the data that resides on them. As organizations have a plethora of security strategies to protect these devices, and a budget to go with them, individuals typically have different needs. It is not that their data is any less important, but rather that cost restraints usually drive them to different solutions.

If you are serious about not becoming the next identity theft victim, you realize that protecting your personal information is not optional. However, you should also know that prior to selecting the appropriate strategy to secure your computer, smart-phone or PDA you first need to identify and classify the data on the device. Without understanding what data resides on your device, you can't possibly protect it appropriately.

Identify the Data on Your Device:

Identifying the data on your device is a very simple yet often overlooked task that you should perform on a regular basis. It best described as inventorying your device for any data that might reside on it such as e-mail, word documents and other application data that potentially holds any sensitive or personal information. Some things that you should consider when performing such an inventory are:

• Be Thorough.Take your time and look through the all the applications and file system folders of the device so that you can properly identify and classify all the data that on the device. Any data that you miss is data that might not get properly protected.
• Organize. As you come across data on your device organize it so that it will be easy to identify and classify in the future.
• Inventory Frequently. Inventory your device frequently to ensure that any new data on your device is properly identified and protected.

Classifying Your Data:

Not all data is created equal. Whether your device holds Grandma's banana bread recipe or your sensitive medical information will likely make a difference in what tools or controls you select to secure the device and the data on it. Once you have inventoried your device to identify the data that lives there, you need to classify your data's confidentiality and sensitivity.

I'm not suggesting that you need to implement a complex data classification program, but rather that you get a clear understanding just how sensitive your data is. To help you accomplish this I have provided the following basic data classification guidelines:

Highly Confidential or Sensitive. This is data that if made public could cause you financial harm such and put you at risk of becoming a victim of identity theft or other crime of fraud. This information would include personally identifiable information (PII) of you are your family such as Social Security numbers, financial records such as bank statements, credit cards numbers, even key pieces of information such as mother's maiden name.

Confidential. This is information is that of such a nature that while personal is not likely information that could be used to perpetuate identity theft or other crimes of fraud. At most, if this information were to be made public it might prove to be embarrassing. This information might include medical information such as prescriptions or treatment plans, personal e-mails or correspondence, or perhaps even your resume or other information that you feel is of a personal nature.

Public. This information is of such a nature that you do not care if it were to be made public. It is not of a personal or financial nature and cannot be used to put you at risk for any financial loss or otherwise cause embarrassment.

Conclusion: Though it seems very basic--identify your data and understand how sensitive it is so that you can protect it properly, I can't begin to tell you how many people have a device lost or stolen and don't have any good idea as to the the type of data that the device held or processed.

If you don't understand the type of data that your device holds and even where on that device that such data lives, then chances are you are not protecting it appropriately.

The first step in protecting your data on a computer, smart-phone or PDA is to understand the type data that it holds.In Part two of this series I will discuss the security controls that you can put into place to protect data on these devices.