The calculator can be found at DataBreachCalculator.com. Our tip: give it a try, then consider the cost of non-action.

He’s a social engineer.

And no, that doesn’t mean he’s a really savvy developer for Facebook.

Mitnick caused an estimated $300 million in damage through the better part of two decades spent hacking into some very large institutions. How did he do it? He asked. That is, he simply used “social engineering” to trick people into giving him access, kind of like that email that is still circulating on the Internet that convinces you to delete certain files off your computer because they’re a virus (when in fact they’re standard Java files).

He’s a fascinating case study in how to break into the Big Guys using some remarkably simple methods, without abundant, nor sophisticated, technical attacks. This isn’t Stuxnet. This is earning the sympathy of the receptionist who lets you use her computer for “just a moment.”

Mitnick, who is out of prison now and works as a consultant, mentioned in the article that he has a nearly 100% success rate, still today, for his consulting clients, breaking into their systems using good old social engineering.

But the kicker here is that he has a 90% success rate on the SECOND attempt…because his clients typically do not implement the corrections he advised in the first place. This experience mirrors our own experiences at Tri-8, Inc. (makers of MyLaptopGPS), particularly in our longer software automation history. It’s remarkable how many organizations will ask for, and pay for, key technical or business advice, and then essentially ignore it–and fall victim to the very same problems they started with.

Thus, our Tip of the Week is very simple, yet very powerful: if you ask for, and pay for, advice, consider following that advice.

Fool me once, shame on you. Fool me twice…

We’ve been inundated with requests for the Guide. And we say, “Bring it on.” That’s what the Too Late Guide is there for, so we welcome the significant traffic and are happy the Guide is being sent far and wide.

Laptop already stolen? Get the Too Late Guide!

What should you do when your laptop has been stolen and you did NOT have MyLaptopGPS installed? You know full well that if you would have used MyLaptopGPS, your laptop would very likely not be gone (00.4% theft rate) and even if it was, we’d be tracking it. But it’s too late. What now?

Is it possible for you to track down the laptop yourself?

How?

What are the first steps you should take?

The answers are important, straightforward…and to long to include in a brief blog post. Thus, MyLaptopGPS is proud to announce the availability of the Too Late Guide: How to Track a Stolen Laptop That Did NOT Have MyLaptopGPS. This guide walks laptop theft victims through the key things they can in fact do to raise their prospects of getting a stolen laptop back. It may be a long shot–but it’s a shot.

Download the Too Late Guide today and please let us know what you think.

MyLaptopGPS may not quite go to this extreme, but from your data’s perspective, it does!

An Indiana adoption lawyer whose client files were scattered in the wind after his adult children left boxes of them beside a recycling bin has received a public reprimand.

The Indiana Supreme Court on Sept. 30 issued the reprimand against Steven Litz, whose Monrovia, Ind., practice focuses on adoption and criminal law. The court noted that it was the third time Litz had received a public reprimand.

Litz directed his two children to take about 14 boxes of client files he wanted to discard to a local recycling bin, according to the decision. Finding that the bins were full, they left the boxes on the ground beside the bins and did not tell Litz. The wind later blew the tops off the boxes and sent some of the papers flying into public view. After someone notified Litz of the situation, he and his children retrieved the documents.

Wow. This immediately brought Kansas to mind. Not the state. The band.

This data breach gets a theme song–a true classic:

Particularly, the line of reasoning follows a great blog post by Sean over at F-Secure. Sean advises his readers to commit this cardinal sin, but the key is a PIN. Namely, when writing down a password, three characters are left out. Those three characters are memorized, and it’s certainly easier to memorize three characters than 10-12. Tack those three characters onto the beginning or the end of your handwritten password, and you then have a functioning authentication token that you didn’t have to fully memorize, while a thief who has your Post-It actually can’t do anything with it.

Now I’ve also blogged about using a decent password safe–software to keep your passwords organized and encrypted. I still claim that’s the way to go, but Sean’s idea is a great one too.

But while the devices proliferate, their capabilities increase, and that actually brings a significant risk, since a single smart phone with a meager 8 GB of storage can carry enough proprietary, secret, sensitive, or otherwise private data to just about destroy a business–when the phone falls into the wrong hands. Thus, businesses and consumers alike are waking up to the risks of those handy gadgets.

Businesses must lead the way in managing the risk, and Paul Korzeniowski over at InformationWeek has a nice, short article entitled “Five Steps to Managing Mobile Devices.” It’s worth a read, and business owners and managers must start by getting over the psychological hump–you can manage the devices or, at the very least, you can make some decent headway to at least reduce your risk.

Here are Korzeniowski’s steps, in summary (please read the full article):

Step 1: Inventory Employee Mobile Devices

Step 5: Move To More Sophisticated Applications

Once again, here’s that link to the full article–worth a few minutes’ read. And, while we’re at it, it’s worth noting that insuring these devices is a very, very good idea as well. And it’s very affordable. See MyLaptopGPS Premier Partner Safeware Insurance for more information.