#1
Posted 26 May 2014 - 10:17 PM
#2
Posted 27 May 2014 - 01:35 AM
If you use a program like Word or a browser tuned in a specific way a $tmp copy might remain somewhere in the system. Might not.
If you don't restart the computer after viewing the files, they do remain in the RAM and can be digged out of it.
In theory, someone could find access to the copies Word or Internet browser creates while you view the files.
#3
Posted 27 May 2014 - 07:21 AM
Using a computer whilst on vacation ( especially if it is not your own computer and kept secure) involves risk.
When carrying out your risk assessment its important to consider not only the likelihood of your client's data being compromised, but also the consequences both for them and for you...should this happen.
Presumably as an investment banker with client data files probably containing sensitive information, you are subject to some regulatory control in the jurisdiction in which you operate?
The Compliance Officer's department of the Investment Bank or regulator may be able to provide further guidance.
Unless you are certain that your client's data can be accessed on another computer without risk of it being compromised, then it would not be wise.to attempt it. Almost by definition another computer will be used by other folks....and even in what may appear to be a controlled and highly secure environment it is not unknown for trojans or key logging or data capture code to be present....
Your own laptop or small form factor device that you know is as secure as possible may be a more suitable manner to access the data...
Regards
paws
#4
Posted 27 May 2014 - 12:48 PM
Using a computer whilst on vacation ( especially if it is not your own computer and kept secure) involves risk.
When carrying out your risk assessment its important to consider not only the likelihood of your client's data being compromised, but also the consequences both for them and for you...should this happen.
Presumably as an investment banker with client data files probably containing sensitive information, you are subject to some regulatory control in the jurisdiction in which you operate?
The Compliance Officer's department of the Investment Bank or regulator may be able to provide further guidance.
Unless you are certain that your client's data can be accessed on another computer without risk of it being compromised, then it would not be wise.to attempt it. Almost by definition another computer will be used by other folks....and even in what may appear to be a controlled and highly secure environment it is not unknown for trojans or key logging or data capture code to be present....
Your own laptop or small form factor device that you know is as secure as possible may be a more suitable manner to access the data...
Regards
paws
The USB drive is encrypted using trucrypt software so I feel the client files on the drive are safe should the device be lost. To help eliminate risk further I suppose I can bring my own laptop but that brings up a concerning issue. What is the point of going to all the trouble of encrypting data on an external drive if only to have the data vulnerable for recovery on any device I use to view the documents?
#5
Posted 27 May 2014 - 01:42 PM
Let's suppose someone (or something) has installed a key logger on the computer (not your own, but the one you use to view your encrypted files)
To view the files you apply your password to view the encrypted files.... and the keylogger does its stuff.... if the computer is connected to the net then the malicious code can forward the details to its control centre.... if its not connected then it can send the data the next time it is....
Some Remote Access Trojans can execute malicious code, steal passwords and log in credentials and "back doors" can give an attacker almost complete control over the computer and what its used for...
Don't let this worry you unduly, but do bear it in mind when carrying out your risk assessment, and review of the security and protections in force on the computer youi are likely to be using for viewing the clinet data.
As long as you feel confident that you have taken all reasonable and appropriate steps to protect client data and can defend the procedures you have adopted then you should be OK...
However it might be wise to consider how you would respond to questioning by the Regulatory Authorities in your jurisdiction to questions such as..
" having carried out a full risk assessment and dilligent review of all pertinent security issues, you must have had powerful and compelling reasons for using a computer with unknown protections and not normally in your custody or control to access client data of a sensitive nature during your vacation....Please tell us what they were"
If you feel that you have a good and sufficient response then you could go ahead
Hope this helps
Regards
paws
#6
Posted 29 May 2014 - 01:35 PM
http://www.geekstogo...pt-end-of-life/
as there is some interesting information about truecrypt....
It is probably time to complete a full risk assessment of your current position and especially of your client's data.
Regards
paws
Regards
paws
#7
Posted 29 May 2014 - 03:21 PM
Hello Winterof1978, and welcome to Geeks to Go!
It sounds like the data is fairly secure should the USB drive be lost, stolen, or otherwise misplaced. The files themselves are theoretically secure. If you enter your password to access the drive and open a file, then it's possible that the application(s) used to open the file will store cache on the local disk --- not the encrypted disk. This can result in a security breach should someone attempt to recover data on that computer. Further, the information is stored in RAM, which could also be recovered with the right know-how and tools.
A breach is unlikely but certainly possible given the scenario. If you have the resources, I would use my own equipment or equipment owned by the company. If you are not issued your own laptop for daily use then I would recommend contacting the technology or training division with your company to obtain a "loaner laptop."
I completely agree with the advice provided by paws and wish you well on your well deserved vacation!
Similar Topics
Also tagged with one or more of these keywords: USB
Hardware →
Hardware, Components and Peripherals →
LAN HDD to USBStarted by Faina , 07 Apr 2023 lan, hdd, usb, not recognized |
|
|
||
Hardware →
Networking →
Weird recurring disconnect issue - Windows 10Started by Rickie , 27 Dec 2022 windows 10, wireless, ethernet and 2 more... |
|
|
||
Hardware →
TV, and Home Theater →
Unable to see MP4 files on TV through USBStarted by Hari Prahlad , 09 Nov 2020 mp4, USB and 2 more... |
|
|
||
Hardware →
Hardware, Components and Peripherals →
Fried motherboard and melted cableStarted by Notle567 , 13 May 2018 USB, Motherboard, Melted Cable and 1 more... |
|
|
||
Discussion →
Off-Topic →
Upcycled - USB TypewriterStarted by WillAlt , 27 Feb 2018 usb, typewriter, recycled and 1 more... |
|
|
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users