A rant on the importance of properly securing sensitive data

This morning started off as a typical workday for me, sitting in my office banging away on the keyboard, reading system logs, and chatting with three different colleagues via IM, while on hold with tech support (I multitask very well sometimes).

Without warning I suddenly had this feeling that something VERY bad was happening. I can’t really explain it, but a chill ran down my spine and I just knew something freaking dire was transpiring at that very moment.

I stopped everything I was doing and closed my eyes trying to figure out what had set me on edge, and then I heard it. Wafting from down the hall (I work in the accounting building) I heard the following: “… can you email me that text file with all the credit card numbers in it again? I think I accidentally deleted it from my email.”

WHAT!?!?!?!? GAH!!!!!!

And so I went charging out into the hall to put an immediate halt to this nonsense.

Now I have explained multiple times that no one (I mean that literally – myself included) is to ever store any passwords or access codes (including credit card numbers) in an unencrypted format, for any reason (this is quite clearly laid out in our IT policy manual, which every employee has read and signed). Apparently some of the office staff thought I didn’t really mean that, and that it was just filler in the policy manual.

GRRRRRRRRRRRRRRRRRR

So 45 minutes later I sat in an emergency all-hands meeting yet again explaining (in detail) why this is a no-no, with the usual pushback (it’s too hard to lock a spreadsheet, etc.).

I just don’t understand what is so difficult about this; after all, I have provided them with the necessary tools to secure this… kind… of… informa… DOH!

Every now and then I have one of those moments when I realize that I have done everything I can think of to prevent some problem (in this case potential data loss, and/or financial abuse), except one simple thing to ensure that everyone plays along; in this case I forgot to give them the tools!

Hey, you’re not perfect either, so back off!

As I realized my mistake, I smoothly (seriously, I don’t think anyone even realized this was not part of my planned topic) plugged my laptop into the projector and continued on to explain the answer to all of these issues: KeePass Password Safe.

For anyone that has not used KeePass, this little tool is a little piece of file/password encrypting goodness. It’s free (as in open source free), and the files created with it can be viewed on Windows and Linux/Mac OS X machines. You can download KeePass here.

Personally I use version 1.11, as it is also available in a portable version from PortableApps.com, and I always try to keep all of the utilities I use on a daily basis on my USB drive.

The Linux version is called KeePassX, and can be found here.

I love this program because it only requires the user to remember two passwords: their logon password, and the Master password for KeePass. Everything else can be kept in the KeePass database.

I seriously cannot say enough about how awesome this tool is; I use it to secure every piece of sensitive information that I have. If you’ve been looking for something to protect your sensitive information, I would highly suggest you give KeePass a spin. I think you’ll find it’s really unobtrusive, and definitely safer than using a text file to store credit card numbers.

end
