Cyclical Storage Logic (Personal Data)
-
@BRRABill said:
@scottalanmiller said:
This assumption that you state here makes encryption and wiping pointless, right? The idea of encrypting and wiping data is purely because the assumption is that the OS can't protect you. If the OS or device were usefully safe, encryption and wiping would have no reason to exist. It is because we know that they can bypass those mechanisms if they want pretty easily that we go further and start to add additional protection to the data itself.
Right.
I feel every device should require a passcode, and this passcode is used to encrypt the device, like the iPhone does it, and like Bitlocker does.
Yes, it still allows for problems with easy passwords, but provides a TON more protection at a very easy level for the users.
Also introduces a lot of risk. End users are at far greater risk of forgetting their password than of having their systems stolen. It's good to consider physical theft as a risk, but it is important to be reasonable about dealing with what is statistically likely versus statistically unlikely.
-
@scottalanmiller said:
Only 10K possible passcodes. Once you have removed the drive I assume that it is not too hard to figure out which one it is.
If you use the 4-digit one. Which I will agree probably 99% of people do.
It would be interesting to know what happens if you pull the drive from the phone.
Does it have to be in the phone for it to work? For example how Bitlocker works. (Had an issue once where I updated BIOS on a Bitlocker machine. Ooops.)
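The two questions in the post above (how hard is a 4-digit passcode to brute-force once the drive is out, and does the drive have to be in the phone to work) come down to one design choice: whether the key that wraps the data is derived from the passcode alone, or from the passcode plus a secret that only exists inside the device's silicon. The following is an added simulation, not code from the thread or from any vendor; the key wrap is a deliberately simple XOR-plus-HMAC stand-in for AES key wrap, the PBKDF2 iteration count is lowered so it runs in seconds, and the target PIN and the 32-byte "SoC secret" are constructed values.

```python
import hashlib
import hmac
import os
import secrets

PIN_SPACE = 10_000   # every 4-digit passcode, 0000..9999
KDF_ITERS = 200      # constructed: kept small so the demo finishes in seconds;
                     # real devices use far more work per guess and usually
                     # rate-limit guesses in hardware as well


def derive_kek(pin: str, salt: bytes, device_secret: bytes = b"") -> bytes:
    """Key-encryption key from the passcode. If a device-resident secret is
    mixed in, the passcode alone can no longer reproduce the key."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode() + device_secret, salt, KDF_ITERS)


def wrap_key(data_key: bytes, kek: bytes) -> bytes:
    """Toy key wrap: XOR with a KEK-derived stream plus an HMAC tag, so that a
    wrong KEK is detectable. Real systems use AES key wrap or AES-GCM; this
    keeps the example to the standard library."""
    stream = hashlib.sha256(b"wrap" + kek).digest()
    ct = bytes(a ^ b for a, b in zip(data_key, stream))
    return ct + hmac.new(kek, ct, "sha256").digest()


def unwrap_key(blob: bytes, kek: bytes):
    """Returns the data key, or None if the KEK does not verify."""
    ct, tag = blob[:32], blob[32:]
    if not hmac.compare_digest(hmac.new(kek, ct, "sha256").digest(), tag):
        return None
    stream = hashlib.sha256(b"wrap" + kek).digest()
    return bytes(a ^ b for a, b in zip(ct, stream))


def make_drive_image(pin: str, device_secret: bytes = b""):
    """What is physically on the flash: a salt and the wrapped data key.
    The device secret, if one is used, is NOT on the drive."""
    salt = os.urandom(16)
    data_key = secrets.token_bytes(32)
    wrapped = wrap_key(data_key, derive_kek(pin, salt, device_secret))
    return {"salt": salt, "wrapped_key": wrapped}, data_key


def offline_bruteforce(image):
    """Attacker who pulled the drive: try all 10K PINs against the image alone.
    Returns (pin, data_key, guesses) or None if no PIN unwraps the key."""
    for n in range(PIN_SPACE):
        pin = f"{n:04d}"
        key = unwrap_key(image["wrapped_key"], derive_kek(pin, image["salt"]))
        if key is not None:
            return pin, key, n + 1
    return None


if __name__ == "__main__":
    # Case 1: key derived from the PIN only -> the pulled drive is enough.
    image, _ = make_drive_image("7351")
    pin, _, guesses = offline_bruteforce(image)
    print("PIN-only image: recovered", pin, "after", guesses, "guesses")

    # Case 2: key entangled with a 256-bit secret fused into the SoC -> the same
    # 10K guesses all fail without the hardware; the device itself still unlocks.
    soc_secret = secrets.token_bytes(32)   # constructed stand-in for a per-device key
    image, data_key = make_drive_image("7351", soc_secret)
    print("device-bound image, drive only:", offline_bruteforce(image))
    in_device = unwrap_key(image["wrapped_key"], derive_kek("7351", image["salt"], soc_secret))
    print("device-bound image, in the phone:", in_device == data_key)
```

The point is not the 10K number, which is tiny either way, but where the guessing has to happen: with the PIN-only image the attacker runs the loop on their own hardware at whatever speed they like, while with a device-bound key every guess has to go through the chip that holds the secret, which is also where a guess counter and wipe-after-N-failures can be enforced. The same idea is what a TPM-backed BitLocker volume does on a PC, which is why, as the later posts in this thread describe, the volume stops unlocking when the firmware the TPM measured changes.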
-
@scottalanmiller said:
Also introduces a lot of risk. End users are at far greater risk of forgetting their password than of having their systems stolen. It's good to consider physical theft as a risk, but it is important to be reasonable about dealing with what is statistically likely versus statistically unlikely.
Right. These scenarios for me ALWAYS involve me setting it up, which requires an Admin account for the Wave software and a ridiculously long password.
-
@BRRABill said:
Does it have to be in the phone for it to work? For example how Bitlocker works. (Had an issue once where I updated BIOS on a Bitlocker machine. Ooops.)
Yup, big risk. Although to someone looking to break in, that kind of issue isn't one.
-
@BRRABill said:
@scottalanmiller said:
Also introduces a lot of risk. End users are at far greater risk of forgetting their password than of having their systems stolen. It's good to consider physical theft as a risk, but it is important to be reasonable about dealing with what is statistically likely versus statistically unlikely.
Right. These scenarios for me ALWAYS involve me setting it up, which requires an Admin account for the Wave software and a ridiculously long password.
Which comes back to... why would normal end users have anything on their local machines to protect anyway?
-
@scottalanmiller said:
Yup, big risk. Although to someone looking to break in, that kind of issue isn't one.
What is a big risk?
-
@BRRABill said:
@scottalanmiller said:
Yup, big risk. Although to someone looking to break in, that kind of issue isn't one.
What is a big risk?
Using tools like Bitlocker. Simple maintenance like BIOS updates can inadvertently scrap your install.
-
@scottalanmiller said:
Which comes back to... why would normal end users have anything on their local machines to protect anyway?
Because they do?
I'm not arguing that cloud storage isn't the best way to go. But I still deal with people who refuse or just can't for one reason or another. (A lot of proprietary software needs to be local.)
I still help them. I'm not going to criticize and move on.
-
@BRRABill said:
I still help them. I'm not going to criticize and move on.
No, but explaining to them that they are creating their own risk and bypassing the natural protections that normal people have is important. Do they still do it because people enable them or because they truly don't understand the risks that they choose to take?
-
@scottalanmiller said:
Using tools like Bitlocker. Simple maintenance like BIOS updates can inadvertently scrap your install.
So on my first Bitlocker install I was unaware of that.
Had it installed on a new DELL server, and saved the password to the TPM. Was working like a charm. Until I had to update the BIOS for another issue they were having. Remotely. I was working with a DELL tech, and he said it would not affect Bitlocker. It obviously did. Computer would not boot back up. I Googled and figured out what I did, and spent the night feverishly worrying the recovery key I had wouldn't work. It DID, thank goodness, but put the fear of Bitlocker in me to this day. (Another reason to always have backups, right?)
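What happened in the post above is the TPM doing its job: the volume master key was sealed to the measured boot chain, the BIOS update changed that measurement, and the TPM refused to unseal, leaving the recovery password as the only protector left. The following is an added simulation of that mechanism, not code from the thread or from Microsoft; the PCR extend rule is the real one (PCR = H(PCR || H(measurement))), but the sealing crypto is a simplified XOR-plus-HMAC wrap, the firmware version strings are constructed, and the 32-byte recovery key stands in for the 48-digit recovery password.

```python
import hashlib
import hmac
import secrets


def extend_pcr(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: PCR = H(PCR || H(measurement)). A PCR can only be
    extended, never set, so its final value commits to the whole boot chain."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measure_boot(components) -> bytes:
    """Measured boot: each stage (firmware, boot manager, OS loader) is extended in order."""
    pcr = bytes(32)
    for component in components:
        pcr = extend_pcr(pcr, component)
    return pcr


def _wrap(key: bytes, secret: bytes) -> bytes:
    # Toy authenticated wrap (XOR stream + HMAC tag); real systems use AES key wrap / GCM.
    stream = hashlib.sha256(b"stream" + key).digest()
    ct = bytes(a ^ b for a, b in zip(secret, stream))
    return ct + hmac.new(key, ct, "sha256").digest()


def _unwrap(key: bytes, blob: bytes):
    ct, tag = blob[:32], blob[32:]
    if not hmac.compare_digest(hmac.new(key, ct, "sha256").digest(), tag):
        return None
    stream = hashlib.sha256(b"stream" + key).digest()
    return bytes(a ^ b for a, b in zip(ct, stream))


class ToyTPM:
    """Seals a secret to a PCR value. The sealing key is derived from a root key
    that never leaves the chip and from the PCR value *at unseal time*, so a
    changed boot measurement yields the wrong key and unseal fails."""

    def __init__(self):
        self._srk = secrets.token_bytes(32)   # storage root key, never exported

    def _key_for(self, pcr: bytes) -> bytes:
        return hmac.new(self._srk, pcr, "sha256").digest()

    def seal(self, secret: bytes, pcr: bytes) -> bytes:
        return _wrap(self._key_for(pcr), secret)

    def unseal(self, blob: bytes, current_pcr: bytes):
        return _unwrap(self._key_for(current_pcr), blob)


class Volume:
    """BitLocker-style volume: one volume master key (VMK) protected by several
    independent protectors, any one of which is enough to unlock it."""

    def __init__(self, tpm: ToyTPM, boot_components):
        self.tpm = tpm
        self.vmk = secrets.token_bytes(32)
        self.recovery_key = secrets.token_bytes(32)   # stands in for the 48-digit recovery password
        self.protectors = {"recovery": _wrap(self.recovery_key, self.vmk)}
        self.reseal(boot_components)

    def reseal(self, boot_components):
        """Bind the TPM protector to the boot chain as currently measured
        and drop any clear-key protector left over from a suspend."""
        self.protectors["tpm"] = self.tpm.seal(self.vmk, measure_boot(boot_components))
        self.protectors.pop("clear", None)

    def suspend(self):
        """What 'suspend BitLocker' does: store the VMK in the clear on the
        volume so the next boot does not depend on the TPM measurement."""
        self.protectors["clear"] = self.vmk

    def unlock(self, boot_components, recovery_key: bytes = None):
        """Returns the name of the protector that unlocked the volume, or None."""
        if self.tpm.unseal(self.protectors["tpm"], measure_boot(boot_components)) == self.vmk:
            return "tpm"
        if self.protectors.get("clear") == self.vmk:
            return "clear"
        if recovery_key is not None and _unwrap(recovery_key, self.protectors["recovery"]) == self.vmk:
            return "recovery"
        return None


if __name__ == "__main__":
    tpm = ToyTPM()
    old_fw = [b"BIOS 1.4.2", b"bootmgr", b"winload"]   # constructed boot chain
    new_fw = [b"BIOS 1.5.0", b"bootmgr", b"winload"]   # same chain after a firmware update
    vol = Volume(tpm, old_fw)
    print("before update:", vol.unlock(old_fw))                   # tpm
    print("after update, no key:", vol.unlock(new_fw))            # None
    print("after update, recovery:", vol.unlock(new_fw, vol.recovery_key))
    vol.reseal(new_fw)
    print("resealed:", vol.unlock(new_fw))                        # tpm
    # The order that avoids the late night: suspend, flash, resume (reseal).
    vol2 = Volume(tpm, old_fw)
    vol2.suspend()
    print("suspended, after update:", vol2.unlock(new_fw))        # clear
    vol2.reseal(new_fw)
    print("resumed:", vol2.unlock(new_fw))                        # tpm
```

On a real Windows machine the `suspend()` step is `Suspend-BitLocker -MountPoint "C:" -RebootCount 1` (or `manage-bde -protectors -disable C: -RebootCount 1`) run before the firmware flash; protection resumes automatically after the reboot, with the TPM protector bound to the new measurements. Before touching firmware at all, confirm with `Get-BitLockerVolume -MountPoint "C:"` or `manage-bde -protectors -get C:` that a RecoveryPassword protector exists and that its value is escrowed somewhere other than the machine being updated, because, exactly as in the post, that protector is the only one left if the TPM path fails.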
-
@BRRABill said:
I'm not arguing that cloud storage isn't the best way to go. But I still deal with people who refuse or just can't
What software would that be? I feel like we are randomly jumping between business users and your old uncle constantly in all of these cases. Business users have different needs and need to be treated like a business, not like a senile uncle. Your old uncle needs to be coddled and protected from himself.
-
@BRRABill said:
So on my first Bitlocker install I was unaware of that.
But end users are always unaware, that's the risk.
-
@scottalanmiller said:
Business users have different needs and need to be treated like a business, not like a senile uncle. Your old uncle needs to be coddled and protected from himself.
LOL. Yes, I do jump.
But I also work with single person companies who have the same sort of "senile uncle syndrome".
-
@BRRABill said:
Had it installed on a new DELL server, and saved the password to the TPM. Was working like a charm. Until I had to update the BIOS for another issue they were having. Remotely. I was working with a DELL tech, and he said it would not affect Bitlocker. It obviously did. Computer would not boot back up. I Googled and figured out what I did, and spent the night feverishly worrying the recovery key I had wouldn't work. It DID, thank goodness, but put the fear of Bitlocker in me to this day. (Another reason to always have backups, right?)
Yup, the more you encrypt, the more backups matter. But you are encrypting the backups, right? Backups are a common point of vulnerability. Thieves know that hitting backups is often worth way more than hitting running systems.
-
@scottalanmiller said:
@BRRABill said:
I still help them. I'm not going to criticize and move on.
No, but explaining to them that they are creating their own risk and bypassing the natural protections that normal people have is important. Do this still do it because people enable them or because they truly don't understand the risks that they choose to take?
How many people that you have told this to have actually changed their behavior to follow your suggestions? Non-techie people?
-
@scottalanmiller said:
What software would that be?
Doesn't every small business have its own crazy software that's crappily written and with terrible support?
I have an accounting client who was just told last week that the cloud isn't a good option for storage of data, because who knows how long it will be around. I kid you not.
-
@scottalanmiller said:
Yup, the more you encrypt, the more backups matter. But you are encrypting the backups, right? Backups are a common point of vulnerability. Thieves know that hitting backups is often worth way more than hitting running systems.
Of course.
Except for our Datto Alto, which cannot encrypt the local data. But since it's behind many layers and locks in the building, I have deemed it safe. The old "what are the chances" theory we've discussed here.
-
@BRRABill said:
But I also work with single person companies who have the same sort of "senile uncle syndrome".
And generally what they need is to be both overseen AND protected from themselves. It's extremely important with these kinds of businesses that they never, ever get the impression that being irrational, illogical and reckless is acceptable to anyone but them. So often people do terrible things because they see it as socially acceptable and excusable.
End users do this all the time. "All my friends do it." "But isn't this what everyone does?" "I'm just an end user, how am I to know better." All excuses. Even genocide is often only possible because there was some social excuse for it. We, in IT, have to stand firm and convey that it is not acceptable, not professionally, not socially, not financially and not for their business. If we make it clear that they are doing something completely unacceptable, they are less likely to do it.
This is why I wrote about the "home line" to help to explain to businesses that they weren't seeing themselves as a business but just as a hobby, and if they want to be treated that way they can keep acting like they do, but if they want to be seen by outsiders as a legitimate business, they need to rethink how they behave.
-
@BRRABill said:
@scottalanmiller said:
What software would that be?
Doesn't every small business have its own crazy software that crappily written and with terrible support?
I have an accounting client who was just told last week that the cloud isn't a good option for storage of data, because who knows how long it will be around. I kid you not.
Not every small business, but definitely more do than don't.
I too have a client who gets business advice from someone who is adamantly opposed to 'cloud' services for the same reason. Don't know how long they will be around. Additionally they believe they are more prone to be hacked. There has been no reasoning with them. They simply won't hear it.
-
@Dashrender said:
how many people that you have told this to have actually changed their behavior to follow your suggestions? Non techie people?
Well, considering I've only been brought on board MYSELF in the past month or so, I'd say 2, and both resisted.