If you take information security lightly, consider the following incidents:
- Personal information on 3.9 million consumer lending customers of a Citigroup subsidiary was lost by UPS while in transit to a credit bureau (source: CNNMoney)
- Personal information of appoximately 16,500 MCI employees were lost when a laptop was stolen (source: Computerworld)
- A laptop of Hotel.com, containing personal data of 243,000 customers, was stolen in a car theft (source: Cnet)
For many companies, there is a big risk if data is placed unencrypted in portable media. These companies have both a legal and ethical responsibility to protect their customers and employees data. Unauthorized disclosure of such data will almost definitely bring negative press and reactions to the company—take a look at what happened to Epixtar when their personnel information leaked.
Ok so maybe corporate data does not mean much to you, but do you store personal information on portable media? Bank statements, maybe? A love letter? Compromising pictures? Imagine what would happen if you misplace that thumb drive. Or if that laptop gets stolen.
I wrote in Technopinoy about called Truecrypt. I learned about Truecrypt from Steve Gibson’s Security Now podcast. For those who carry confidential data in laptops or who carry confidential information in removeable media like USB thumb drives or CDs, I consider this tool essential.
Truecrypt offers on-the-fly encryption, which means that the data is encrypted right before storage and decrypted before displayed. You can create an Truecrypt volume, assign an encryption key, and it will appear as an ordinary disk drive in your PC. Any file that you store in that volume is automatically encrypted . No data can be read or displayed without supplying the key. The advantage Truecrypt has over other encryption tools is that its almost totally transparent to the user. And its open-source.
You can do almost anything with Truecrypt.
Instead of manually entering a encryption key, you can use a file as the encryption key. So if both you and your friend have the same file, you can share encrypted information without having to exchange keys.
Or you can store the file into a USB thumb drive, which means you can’t open an encrypted file unless the USB drive is connected.
You can even create a “traveller disk,” which means you can install Truecrypt and the store encrypted data in the USB thumb drive, so when the USB thumb drive is connected, it’ll automatically launch Truecrypt. No need for the recipient to have Truecrypt in their PC!