There has been a lot of redundancies at my workplace recently and I am not sure when the next one is coming. I do not have a lot of personal stuff on my company laptop; in fact everything I need is on Evernote and Dropbox. I know I can unlink those computers and they should not get any updates and vice-versa, but if they reset my password, they could get access to all my files. What could I do to remotely wipe those files and/or software from my laptop should I be made redundant? Cheers, Data conscious
Redundancy picture from Shutterstock
Dear PL,
As a journalist, I’ve seen my fair share of redundancies (and even experienced one myself). While the axe can sometimes fall with little warning, your professional death-throes tend to last a wee bit longer.
In Australia, all full-time employees are legally entitled to a minimum of one week’s notice before the redundancy takes effect, although you’re not usually required to keep working during this period (indeed, the sooner you leave, the happier they usually are). Nevertheless, most employees are given at least 24 hours to sort out their affairs before they are shown the door — the chief exception is if you work with sensitive data.
Assuming you don’t fall into the above category, I don’t think it’s something you need to worry about. If you do get the chop, there should still be plenty of time to grab the files and contacts you need and wipe/unsync anything personnel from the company computer.
That said, if you’re paranoid about a vindictive manager holding your accounts to ransom, simply ensure that you have two-factor authentication enabled. That way, anyone attempting to change your password will also require access to your mobile phone.
Cheers
Lifehacker
Got your own question you want to put to Lifehacker? Send it using our contact tab on the right.
Comments
13 responses to “Ask LH: Should I Secure My Personal Data In Case Of A Redundancy?”
I’m not familiar with evernote, so this is all dropbox-focused.
By putting your files on a work machine, you’ve effectively granted your employer access.
The only way to secure stuff when someone has access to the physical machine, is to encrypt it. And encryption doesn’t play nice with dropbox.
There is no reliable remote wipe – the machine may not get connected to the internet before they’ve retrieved your files.
Two-factor authentication only covers logging in. When they can go straight at the files on the hard drive they don’t need to log in.
The best and most obvious solution is – remove your personal accounts from your employer’s machines. After all, it’s not your personal machine.
You can still have a “work” dropbox account and share files to it from your personal account as necessary.
WTF are you doing keeping personal data on a work machine anyway? That is the most retarded idea and the dumbest thing I have read all day. If you were really that worried you wouldn’t put personal data on your work machine in the first place. Nor would you access it via Evernote and Dropbox.
Oh and BTW they can access your data whether they reset your password or not. If they really wanted to they could recover the data even if you do delete it, it’s not that hard. Sleep well.
Dear IT Guy,
I think your answer is the one that give the least help of all…
If you read your company policy (or most of them), you will see that you are allowed to use your laptop for limited personal use. And if you work in mining and do FIFO rosters (Fly In Fly Out), you do not want to carry 2 laptops with you all the time, especially if you have to travel far away (I’ve already worked in West Africa, being based in Brisbane). So it may not be everyone, but some still have a need to have some personal data on their computer…
Also, more and more company are opting for encryption on their hard drive to prevent data theft when a laptop is stolen. It means that only by resetting the password you can access the data, and most of the tools (recuva and others) cannot retrieve data when the hard drive has been encrypted.
So I suggest you go out a bit and experience the real world before posting such comments.
The tools that can un-encrypt drives and recover data are usually managed by the same IT departments who deploy the encryption in the first place. It’s usually done with a master password/key or recovery disk/tools – even without the users passkey.
A company would be foolish to encrypt a work laptop without a way to recover data in the event of termination, illness, or death of an employee, passkey loss, or boot corruption – particularly given the costs attributed to data loss, and companies would be hesitant to roll out such technology.
As a fellow IT Guy, I agree with this 100%. I have some personal stuff on my laptop, not documents or anything but general downloads that are not at all work related. I am prepared to lose them if my PC dies, have any of my colleagues sift through it if they feel the need or have it reported to IT security at any time. Why? Because it’s in my contract, most likely everyone else’s too.
For all intents and purposes, as soon as any data lands on a work PC, the employer has the right to do what the hell they want with it. Sometimes work you do during your lunch break ends up being IP of the company you work for because it was done on work resources. Sometimes it becomes IP just because you downloaded it to a work PC. Read your contracts people.
If it’s personal and you don’t want anyone in the workplace to see it, don’t use it at work. Simple.
EDIT: put that crap on a smartphone or tablet that you own or something, then you still have it close.
PL… you say “everything I need is on Evernote and Dropbox. I know I can unlink those computers and they should not get any updates and vice-versa, but if they reset my password, they could get access to all my files”
If your “stuff” is all living in cloud services, and you (presumably) are the only one who knows the password to access those cloud services, and you don’t leave those services logged-in on the browser on the work computer… then I see no problem. Once the session expires, or you log-out, then that work computer becomes just a “dumb-terminal” as far as accessing your Dropbox and Evernote stuff. If it’s logged out, then no one has access to change any of your account/password details. This assumes your accessing by web browser. Like many of us do because our corporate machines do not allow users to install apps and software.
If however you’re using the installed client side software on the work computer then that’s another matter. In that case you would definitely need to first disconnect the services from updating/syncing within Dropbox and Evernote apps. ie: delete your account information. Then you would also want to DELETE the Dropbox folder in your Explorer/Finder. (making sure to also empty Recycle/Trash). And for Evernote you’d want to uninstall the app and then if it were me I’d Google “how to remove all Evernote data from my computer” and do that also.
Just fyi, google drive doesn’t delete the files when you “un-sync” a computer. You need to manually delete the folder.
Good luck accessing your files if a company goes into receivership.
Unless you’ve done something that necessitates security immediately escorting you from the premises, or your bosses do the old ‘pull the fire alarm then lock them out’ routine, you should have more than enough time to take care of it.
You could always uninstall the desktop clients and log in through the web portals in advance if you were worried though.
It depends a lot on how they’ve set up the laptop. From the sounds of it, you have admin access and the profiles are local rather than roaming, which makes it easier, but I’ll assume you don’t want to make drastic changes to the OS and that the laptop is hooked into your work domain.
Your best option is to encrypt as much of the data you’re worried about as you can. You can probably set up a truecrypt volume that loads on boot, and then use symlinks/junction points to redirect any folder you like to truecrypt. That might include your local dropbox folder, your documents folder, browser application data, etc.
For bonus points, you can store the truecrypt partition on a thumbdrive – no need to write to the hard drive at all. Even if you never get the thumbdrive back, your data will be as secure as the passcode you used to protect it.
you can use TrueCrypt with Dropbox [I have for 3 – 4 years now] . The key issue with Truecrypt is that you MUST remember to shut it down on one machine before you open it on another, otherwise you get a sync conflict. There are so many other options to access data on a work computer: via a thumb drive, USB attached HDD, or a hard drive installed in the DVD Tray space, or using portable apps in combo with one of the secondary drives listed above.
I do something similar; I have my Dropbox sitting on an encrypted partition on a USB thumbdrive I leave plugged into the back of my PC. If I ever have to go, I take the USB drive and my files remain safely encrypted and with me.
Easy answer. If you don’t want work, IT or your boss to see it, don’t have it on a work machine in the first place.
We also don’t care, you give the laptop back, it gets wiped
How about the “if I can’t have my files, NO ONE CAN!” approach?
It would require you to have administrator level access though which is
what regular employees 99% of the time do not have.
Then you could write a script that when they tell you to clear out your desk all you
have to do is double-click on that little icon on your desktop to either encrypt your
personal files or to wipe the entire directory where you have stored them.
This comes with its own legal problems of course, if you have a ‘anything that you produce
or make, is owned by the company’ clause in your contract.