Tuesday, January 04, 2011

IT Support, and User Data

Have you ever wondered how much you expose when you send your PC, laptop, phone, etcetera back for repair?

Working in the IT support field, I see a lot of devices come back with a lot of data, and one can only assume that it’s at least partially personal, knowing that most people use their work machine as their personal machine.

An example landed on my desk today. It’s not a work machine, but it is a machine we’re looking at on behalf of a customer (whose laptop, incidentally, has exactly the same issue) – it belongs to the customer’s offspring.

I know that there’s nothing that could have been done by the user to tone down the amount of personal things displayed – explorer.exe failed immediately on logon – but it did highlight something quite important. The user had set up a slideshow of pictures to cycle every thirty seconds. Without even looking at where the folder was, whether it was titled, or even if the images were titled, a fair amount of information could be lifted.

That was without doing any digging. Knowing how things operate, and where to look, you could build one hell of a profile of the user, without ever speaking to them. Fortunately for the users that I deal with, I have no interest in anything they say, do, or think – to top that off, we have a stringent series of policies in place to avoid violating any user’s privacy.

It’s unreasonable, of course, to suggest that users – business or otherwise – should hide their private data on their own machines – much less to suggest they should clean up in preparation for getting a virus, or having another issue, that causes it to need to go to whoever they use for IT support.

It does, however, highlight an interesting issue. How does a company guarantee that they’re respecting privacy and the Data Protection acts when it comes to IT support?

Where I work, we have a strict policy of contacting the user of the machine to get permission for certain things, even to go so far as to require customer permission to perform thorough scans of their personal files. It seems absurd, but given some of the things that I have seen crop up during these searches, it is the only way for us to be certain that the user knows we’ve had to go there, and that they have given us permission to do so.

Making backups of user files is also incredibly infuriating: what should only take as long as it takes to dump onto a USB hard drive can take up to days extra, just trying to track down the customer simply to get a “Yes”. It’s worse when the customer doesn’t really understand what you’re asking them – which is more common than you’d think – an hour to explain the process, the reason, and how we ensure that their data is secured from prying eyes. We do get some absurd requests from the slightly more IT-savvy users, which add extra complications.

It is, though, understandable to a degree. I wouldn’t want someone poking through my collections of data, beyond what I post onto the internet. Not that I even have that much private stuff, or any for that matter, but the simple knowledge that someone has been digging through it does not inspire comfort.

Fortunately, being twenty-three and male, no one is interested enough to go digging through my personal documents – which is quite comforting.

What about, though, a woman taking her laptop to one of the more common “IT Repair Shop” style businesses that have been steadily cropping up over the years? It’s been seen on British TV more than once, how some stores will go through everything, and in some of the more sophisticated setups, get recorded doing so.

What’re the options, then?

I, personally, don’t use anything on my desktop. Being my own IT support helps.

My laptop, though, being a portable device, runs a bit of software known as “TrueCrypt”. It’s not perfect, nothing is, but it does at least offer a level of difficulty for the average browser to decipher, which most of them probably wouldn’t be interested in doing – as I said earlier, I’m not interesting enough for that to be the case.

So, then, what’s my point?

Take care of your data. Be prepared to have a stranger nose through it at any point in time; don’t take chances. Especially not with laptops.