top | item 31860461

(no title)

ume | 3 years ago

I’ve undertaken information security training in a number of Japanese companies. They all had what I thought was a disproportionate weighting on the “blind drunk salaryman falls asleep on a train and leaves behind a laptop, mobile phone, USB stick etc.” scenario.

I stand corrected.

Edited for clarity

discuss

lelandfe|3 years ago

https://gizmodo.com/how-apple-lost-the-iphone-4-5520438

It can happen to Americans as well, as evidenced by an Apple engineer leaving an iPhone prototype at a bar after his birthday.

> "I underestimated how good German beer is," he typed into the next-generation iPhone 4

jrochkind1|3 years ago

So I actually can believe it happens to Americans as much as anyone, but that story is a bit different -- the Apple employees were testing the devices "in the field", bringing them along with you in your daily activities including the bar was intentional and part of the assignment.

I don't know why you bring a USB stick with half a million people's data with you to the bar. Why is that even leaving the office?

I bring this up not to talk about differences between Americans and Japanese (boring, I think they are probably exagerated), but becuase these are different "threat models". You handle the "USB stick with company data" on it "threat" by training people... not to just stick sensitive data in their pocket as they go about their business? It should be on a USB stick for as little time as possible and that USB stick should be treated like it's worth a fortune (because it is). There's no reason you should be carrying that thing with you to the bar in the first place.

The iPhone case... eh, if you ask people to carry a device along with them in their daily lives, it's inevitable that someone will forget one someplace at some point. Maybe some kind of proximity alarm that beeps if you walk away from it?

belter|3 years ago

It seems for the UK Ministry of Defense the going rate was 30 lost per year...

"...More than 120 USB memory sticks, some containing secret information, have been lost or stolen from the Ministry of Defence since 2004, it was reported earlier this year....Some 26 of those disappeared this year == including three which contained information classified as “secret”, and 19 which were “restricted”...."

"UK Ministry of Defense Loses Memory Stick with Military Secrets" (2008): https://www.schneier.com/blog/archives/2008/09/uk_ministry_o...

jamal-kumar|3 years ago

I always thought they did that "by accident" on purpose kind of thing. Like macrumors was always some kind of marketing ploy.

iasay|3 years ago

That was the usual loss vector when I was in the defence sector as well.

smoyer|3 years ago

Interesting ... I came here to highlight the quote from the affected city:

> The company explained that the employee had drinks after work and later fell asleep on the street, but when he woke up he realized that he had lost the bag containing the USB.

My premise was going to be that perhaps this isn't the company you'd trust with the residents' subsidies but clearly I misunderstand the cultural aspect to this story. The other thing I didn't get is that the employee who "lost" the bag filed a police report for theft. If you're passed-out-drunk, how would you even know it was a theft?

amichal|3 years ago

There is something like a 90% return rate on lost wallets in Japan. Failure to attempt to return a lost item of value is an actual crime... so if the bag was not sitting on the street next to him when he woke up and not returned by a kind soul it was by Japanese definition stolen

Edit: An eye opening video on how well this works https://www3.nhk.or.jp/nhkworld/en/ondemand/video/9999897/

Aeolun|3 years ago

> If you're passed-out-drunk, how would you even know it was a theft?

Fall asleep thinking you are carrying bag. Wake up when slightly less drunk. No find bag. Freak out. Rush to report bag as stolen.

Later go back the all the bars in town (forgot where you went), and find the one where you left your bag behind.

totetsu|3 years ago

Yes. They cover this exact situation. If you have work data in your bag, don't go drinking, don't put your bag in the coin locker, go directly back to the office.