Where To Keep Your Data, And Why

This week’s topic is Where to keep your data, and why. It is more an information piece geared to getting you think, than a simple tip.

The Tip

These days, many of us work on laptops and take our work with us everywhere. Even if we do not work on a laptop, we probably use a smartphone, and have a large amount of data with us at all times. Although this makes for terrific portability and convenience, to have our office with us at all times, it also opens the door to all sorts of risk to our data and privacy. To be diligent and responsible in this modern landscape, we need to ask ourselves, “what are we keeping on our laptops and why, what should we not be keeping on our laptops, how do we protect what we do store”?

The Detail

This is a complex issue and there are several variables. Broadly, we need to consider privacy and security, not just when we are working but also in the case of loss or theft.

Although most of us never really think about the distinction, we should ask ourselves, “Is this a primarily work computer that I do a little personal stuff on or primarily a personal computer that I do a little work on.” In either case, it’s probably a good idea to have separate user accounts on the laptop for each purpose. This will prevent things like your personal bookmarks and search history, possibly passwords, and other personal details from coming up when you are doing a work presentation. Think of this in the same way as many of us have separate email addresses for personal and for work.

The biggest risk to your device (and data) is loss or theft. In such a circumstance, you are not only losing the device and the data, you are also risking a 3rd-party getting access to all your data, which could expose all sorts of personal and administrative risk and liability. There are two issues here that need different approaches. The first is actually getting access to your data again in such a circumstance, and the second is preventing a 3rd-party from being able to do anything with your data. There are several strategies for each. Another huge risk to the privacy of your data is crossing borders. The rules around the privacy of your data are more than a little fuzzy, and change on a regular basis from jurisdiction to jurisdiction. In many, if not most cases, you can be legally compelled to unlock your device (and any data on it) to border officials.

So, where should we store our data? There are several approaches, each with pros and cons to consider. We might choose to just do the easy thing and keep everything on our laptop’s hard drive. This is certainly convenient, though it is the most vulnerable to loss or theft. It is also very vulnerable to any border agency that might insist on seeing what’s on your device. We might choose to keep all our sensitive data on a USB drive. Of course these small storage devices are easy to lose, they are also easier to keep private at customs agencies (if that’s a concern) and assuming you are carrying them separately from your laptop, they are not a big obvious target for thieves. Regardless of whether you are using local storage or removable media, you absolutely should be using encryption. This is the only protection in the case of loss or theft. Your laptop’s login password will only slow a thief down by a few seconds. Encryption of your hard drive or USB drive is the only way to protect the privacy of your data from theft. MacOSX and more recent versions of Windows both have encryption tools built-in, and there are several commercial tools available as well.

Of course, privacy is only one concern in the case of loss or theft. So is actually losing all your data, so regardless of where your store your data, regular backups to other storage devices (that you test occasionally) are essential!

The third option for where to store your sensitive data is the cloud. The cloud might mean a business network file-share, services like Google Drive, DropBox, OneDrive, Amazon, and so on. Cloud storage offers many advantages, provided you have an internet connection. It is the best way to cross a border if you have data you need to be 100% sure remains secure, because non of your sensitive data will actually be on the device that you can be compelled to unlock. It is not vulnerable to theft or casual loss. Many cloud services also offer backups. Most cloud services have a team of security experts working on keeping your data safe and secure. Although cloud services may seem ideal, truth be told, most of the providers have had some security incidents in their history. Of course access to your cloud data will only be as secure as the quality of your password 😉

So, that’s a relatively brief discussion on a few topics you should consider when deciding where and how to store your data. Although I’ve just scratched the surface, I hope this week’s discussion will encourage you to give some thought to these topics, and maybe do a little more reading. At the very least, you should be backing up regularly, and give serious thought to encryption. I’ve included a few links below for more reading, and as always, google is your friend.

If you have more questions about these topics, please contact UTS and we’d be happy to offer what guidance we can. There is also a wealth of information to be found using your favourite search engine.