Defensive Pistol Storage in the Home

One of the things that we emphasize in our firearms classes above all else is firearm safety.  Of the NRA rules for safe gun handling, the third rule states “ALWAYS keep the gun unloaded until ready to use.”  However, when teaching the “Personal Protection in The Home” course, we modify that third rule to tell you to always assume that the gun is loaded.  The reason for that is because our personal defense gun is considered to be the “ready” or “in use” gun, and is therefore usually loaded. After all, it doesn’t make too much sense to have an unloaded gun for personal defense.  Would you keep an empty fire extinguisher for kitchen fires?  Safety is paramount, but we are talking about the safety and proper use of a tool that we will possibly use to protect ourselves and our families some day.

In my own household, where our youngest is a teenager, the risk of a small child accessing our guns and “playing” with them is extremely small.  But what about that same teenager with nosey friends?  What about burglars who break in while we’re gone?  Part of my own philosophy about gun safety and responsibility says that I will not put guns in the hands of those who will intentionally do harm to others, but I will always have a firearm readily available when called upon to use it for defensive purposes.  We as gun owners have as much of a DUTY to keep guns out of unauthorized hands as we do the RIGHT to own them.

So having said all that, I wanted to use this article to discuss the various aspects of home firearms safety versus accessibility.  That is – the safe handling and storage of firearms versus accessibility to a “ready” firearm when you are in a crisis situation in your own home, and mere seconds count.  Having a ready firearm available and accessible involves a certain amount of risk analysis.  The risk of having a ready firearm that is accessible to unauthorized people versus the risk of not having a ready firearm available for self defense is a serious one and takes a great deal of consideration.  And when we say “unauthorized people” this can be a child who finds the gun and decides to play with it, a nosey friend of your teenager just looking around your house, or a criminal who has broken into your house and steals your firearms.  It is important to remember that safety not only applies to your own handling of firearms, but household members who could inadvertently hurt themselves, and also to criminals who steal your firearms and do harm to others. 

To help illustrate this point - In my “day job” in the computer security biz, we often have to contemplate the balance between the need for keeping our computers and networks safe and our users being able to do their jobs.  If we are too secure, our network will never be hacked, but our users will not be able to conduct business.  If we are too lax or too open, we will be successfully attacked, our data stolen (or worse), and our business suffers greatly.  To accommodate the fine balance needed between security and accessibility, we use something called “defense in depth” to make sure that we have various layers of security.  Each layer is (hopefully) transparent to the end user, but presents a virtual gauntlet of protective measures that an attacker has to break through in order to get to our data. 

Likewise is the risk analysis that we as gun owners have to perform when we make the decision to keep a loaded firearm in the house for personal protection.  And just like the example above, we want to present a “defense in depth” of multiple security layers of protection.  This article will present some different scenarios of safety versus accessibility, along with an analysis of each method’s safety versus accessibility profile.  This is not meant to be an absolute recommendation of any particular safety strategy – only YOU can decide which is right for you!

NOTE:  The following sections talk about doing drills and performing practice.  Do NOT do your drill or practice with LIVE ammunition.  Remove all of your live ammunition from your ammunition storage container, and put some dummy rounds, or “snap caps” in your storage container, and in the magazines you store in that container. Check, double check, and triple check that your firearm is unloaded before doing any drills or practice.

 
Strategy 1:  Unloaded Handgun in the Storage Safe:

This scenario assumes the most safe and secure of all storage methods.  In this scenario, we are describing the large fire-proof gun storage vault with a combination lock and/or a digital keypad.  This strategy also assumes that the firearms kept inside are all unloaded, and in keeping with best practices, the ammunition is locked in a separate container.  If there are young children in the house, this is by far the safest way to ensure that getting to the guns is extremely difficult, but that an unauthorized person loading the gun and accidentally hurting themselves is more difficult still.  In the case of protection from burglars, this strategy makes stealing your guns and ammunition as difficult as it gets.

But what about accessibility in a home invasion situation?  Can you quickly get the storage vault unlocked, and retrieve a firearm?  Can you then quickly retrieve ammunition, load the gun, and make it ready for use?  How long will this take you to do?  In the mere seconds that it will take for a violent criminal to burst into your home and get to where you are, it is going to be very difficult to retrieve a ready firearm and protect yourself and your home.

Safety:  High

Accessibility:  Low

Recommendation: 

• If you are preparing for home defense, and accessibility is a concern, change your strategy to one that is more suitable and considers more of a balance between safety and accessibility.
   
• If you are insistent that you are going to use this as your only storage strategy, then drill yourself to find out how long it takes to retrieve a handgun, retrieve the ammunition, load it, and be ready to use it.  Practice doing this in the dark to see if you can do it, or to see how much longer it takes than doing it in the light.

NOTE:  Do NOT do your drill or practice with LIVE ammunition.  Remove all of your live ammunition from your storage container, and put some dummy rounds, or “snap caps” in your storage container, or in the magazines you store in that container. Check, double check, and triple check that your firearm is unloaded before doing any drills or practice.  Get a second person to assist you with your drills.  Have them verify that all live ammunition has been removed, and that your guns are unloaded and that only dummy ammunition is used in the drill. 

• Put loaded magazines or speed-loaders in your ammunition storage container for easier retrieval and loading.
   
• Harden the target.  Make sure that your home is as inaccessible to burglars as possible.  Keep as many barriers between you and the home invader as possible.  Those barriers might include dogs, locked doors, deadbolts, alarm systems, and a safe room in your house.
   
• Make sure the gun and ammunition storage is in your safe room.  Having a locked door between you and the person invading your home will at least buy you some time to retrieve the firearm, load it, and be ready.

 
Strategy 2: Loaded Handgun in the Night Stand:

This represents the other end of the safety/accessibility spectrum; from both safety and accessibility standpoints, this is in direct contrast to the strategy mentioned above.  If there are no children in the house, then the risk of a small child getting to the firearms is relatively small.  Your firearm is immediately accessible in case you need it.  But it is also immediately assessable to unauthorized persons.  If you leave the firearm in your night stand while you are out, and a burglar breaks into your home, it will be easy for them to find and steal your gun.  A night stand, after all, is one of the most common places for people to keep pistols and other valuables.

Safety:  Low

Accessibility:  High

Recommendations:

• If you don’t usually take your firearm with you when you leave the house, get a safe in which to lock up your firearms while you are gone.
   
• Same goes for any other firearms you have in the house.  Even if you don’t have a risk of children who can get to your firearms, there is still the risk of a burglar coming in and stealing your firearms.
   
• Use some concealment methods to hide your firearms.  Most burglars look for the low hanging fruit.  They quickly look around for items to steal and get out before they are detected or the home owner comes home.  Even if you keep your ready pistol in a handgun safe, consider concealing the safe.  Many small pistol safes can be easily pried open if the intruder has a crowbar or other tools.

 
Strategy 3: Loaded Handgun in the Handgun Safe:

This strategy offers an excellent balance between safety and accessibility.  The defensive handgun is readily accessible with the push of a few buttons, but is still locked up and secure from children and the amateur burglar.  Always keeping your ready firearm in the pistol safe gets you in the habit of always retrieving your gun from that safe.  In contrast to the scenario above, you develop a habit for going to that location for your defensive pistol, and do not run the risk of forgetting to move your handgun from the night stand to the safe each day when you leave.  There won’t be that nagging “Did I leave my pistol out?” feeling.

Safety:  High

 Accessibility:  High

 Recommendations:

• Make sure to buy a pistol safe that can be bolted to the floor or other solid structure.
   
• Choose a location for your pistol safe that is quickly accessible to you, but not readily visible to children or burglars.

 

• Drill yourself on how long it takes to open your pistol safe – including drills on doing it in the dark.
   

NOTE:  Do NOT do your drill or practice with LIVE ammunition.  Remove all of your live ammunition from your storage container, and put some dummy rounds, or “snap caps” in your storage container, or in the magazines you store in that container. Check, double check, and triple check that your firearm is unloaded before doing any drills or practice.  Get a second person to assist you with your drills.  Have them verify that all live ammunition has been removed, and that your guns are unloaded and that only dummy ammunition is used in the drill. 

• If you have a pistol safe with push buttons or other electronic technologies that require batteries, test the mechanism often, and change your batteries often.  Perhaps coincide this with your schedule for changing your smoke detector batteries.  (You DO have smoke detectors, right?)
   
• Put a low intensity battery powered light near your handgun safe.  This provides a quick way to get low level illumination on the safe so that you can see the buttons, and helps provide light in the immediate area so you can open your safe.  I use one of those big push-button closet lights.  You push the large dome for the light, and the light comes on.  It is very low intensity so as not to hurt my eyes, but so that I can see the safe and the immediate area.
  
   

 

• Put a high intensity flashlight inside of or in the immediate vicinity to your pistol safe.  This will help you illuminate the area in front of you to make sure you are only aiming at the bad guy and not a family member.  The high intensity light will temporarily blind the intruder as well.
   
• When you travel, if you do not take your ready handgun with you (some states do not recognize your CCW permit), then take your handguns out of the handgun safe, unload them, and put them in your gun storage vault.  Put the ammunition in your separate ammunition storage container.
   

Wrapping It All Up:

Safety versus accessibility, when it comes to firearms, involves a great deal of consideration and risk analysis.  On one hand, if firearms are not secured, even though they may be highly accessible, unauthorized people can gain access to them.  On the other hand, if secured too tightly, you may not be able to access and use them when needed during a home invasion or other personal attack.  

Food For Thought:  If someone breaks into your house, and you end up in the same room, it takes the average intruder only one and a half seconds to reach you from a distance of twenty-one feet away.

As I mentioned before, “unauthorized people” can be a child who finds the gun and decides to play with it, or a criminal who has broken into your house and steals your firearms.  It is important to remember that safety not only applies to household members who could inadvertently hurt themselves, but also to criminals who steal your firearms and do harm to others.  I certainly don’t want to be the one who is responsible for hurting a child, and I especially don’t want to be the one who enables a criminal with a new tool (my firearm) to use for committing their crimes and other acts of violence.

Use defense in depth!  Build layers of protection around yourself and your firearms with good household locks, personal awareness, home security strategies, and common sense.  Take an NRA Personal Protection in the Home course or attend an NRA or Refuse to Be a Victim seminar.  In our NRA developed and approved courses, we will teach you how to have a plan, practice the plan, and use common sense to keep yourself and your family safe.  These courses cover such things as designating a safe room, keeping your firearms secure yet accessible, and how to be aware of your surroundings.

Firearms security versus accessibility means practicing risk analysis to avoid risky practice.  Practicing your methods and strategies is vital to successful deployment in a crisis situation.  Having a plan and being able to react quickly can save your live and the lives of others.  Your personal safety and the security of your family depends on it!

Self Defense in Washington D.C.

In this article I would like to discuss an aspect of gun ownership that many folks in other parts of the country take for granted, and probably don’t even have to think about too much: Defensive gun ownership rights – specifically, the concept of being able to own or even carry a concealed handgun for self defense.  In most other states, people have the ability to apply for,  and obtain concealed carry permits for the purpose of carrying a handgun for self defense.  And to this day, despite 2nd Amendment victories won by  the cases of D.C. versus Heller, and Chicago versus MacDonald, the people of Washington D.C. still find themselves facing difficult hurdles in order to even own a firearm, much less carry one.  The city council, and especially the Washington D.C. Police Chief are still of the opinion that if these folks aren't allowed to have guns, that all the crime will  magically disappear.  Well, it hasn't yet (D.C. is one of the highest crime cities in the U.S.), and the Washington D.C. police do not have the resources to protect every single individual.

 

I realize how much I take my own concealed carry permit for granted  every time  I find myself in Washington D.C. on business. When I have some down time, my mind wanders and I find myself comparing the culture in this part of the country to the culture we enjoy in Colorado. While there on one particular trip, I was often asked by friends and colleagues what I did for fun the afternoon or evening before. My response was usually along the lines of walking the National Mall (before sundown) and looking at the monuments – I love seeing our national monuments, and take the time to visit them every time I am there.

The response:
 

“You didn’t walk the National Mall at NIGHT, did you?!”

Well – no, but why would they ask such a thing?

“

"Because it just isn’t safe!”  was always the answer. Well – I knew that, thus my decision for not doing it.

Well – let’s talk about that for a moment. It’s not SAFE to walk the National Mall in Washington D.C.! And this sentiment in a city where the Police Chief, City Council, and Mayor have all made it clear that they do not like the idea of citizens being armed. But yet the Supreme Court has ruled (in the case of D.C. versus Warren and others) that the police do not have an obligation to protect individual citizens. My perception of how dangerous this city is can always be further perpetuated by the events of many late afternoons, when I am walking around the city, and there are police sirens whaling every so often, followed by something looking like a bomb disposal vehicle, followed by fire engines. “What the heck is going on here?” I have often thought. Why isn’t this place safe?  What causes a place like this to be widely considered dangerous to walk around at night, but yet those charged with protecting it would regard armed law abiding citizens as a bad thing?

In talking with a few of the locals, I most assuredly have my impressions confirmed that Washington D.C. is just widely regarded as having a high rate of violent crime. Now this is not something new – I know that many of you have heard this all before. But what occurs to me every time I come here is that there is a very simple explanation: Citizens are not allowed to have guns for self defense, either in the open, concealed, or just locked in the trunk of their cars. Until last year, handguns where completely outlawed. But even though the Supreme Court has ruled the bearing of arms to be a right that these citizens should enjoy, the city leadership has been throwing up roadblock after roadblock towards allowing these people to arm themselves and put the violent criminals on notice that they want to defend themselves.

Washington D.C. is not unique in this. Cities like Chicago, New York, and some other large metropolitan areas also have very restrictive gun laws, and citizens are deprived of the right to carry concealed weapons or in many cases even own them. What do they also have in common? Very high rates of violent crime! The economy is certainly having an effect on the increase in violent crimes every where¸ but when criminals know that their victims cannot fight back, they are further enabled and feel emboldened to commit these crimes. And in this city in particular, it is even illegal to carry knives and pepper spray. So basically, everyone except the criminals, is rendered completely defenseless.

What does this mean to us as United States Citizens?! We’re all voters! With some very important elections coming up in 2012, we need to start NOW in looking for state candidates who will help protect our rights to bear arms, to ensure that Colorado will continue to enjoy the rights we have now with no further erosion of these rights, and national candidates who will take this message to Washington D.C. The current administration is moving at a furious pace to change our country – I am wondering how long it will be before our “privileges” of concealed carry disappear, and our RIGHT to keep and bear arms is taken away for good. Get involved, get the word out, and wake your fellow Americans up.
 

Concealed Carry Bill Fails:

National Concealed Carry Reciprocity Fails—But What Is Behind The Scenes?

The John Thune (R—South Dakota) Senate bill to allow concealed carry (CCW) reciprocity nationwide failed to overcome a procedural hurdle and get out of committee. According to the NRA Institute for Legislative Action:

“By a 58 to 39 majority, the US Senate voted last week to let concealed handgun permit holders carry handguns across state lines. Yet, it was two votes short of the 60 needed to overcome a filibuster. The legislation sponsored by Senator John Thune (R, SD) would have allowed reciprocity in permitting, as anybody would still be required to obey the laws of the states that they travel in. This is the same way driver's licenses work.”

Perhaps there was more to this bill’s failure than is evident on the surface, and there are other reasons why the bill failed despite a majority being in favor. From Dudley Brown, Executive Director for National Association for Gun Rights:

“It wasn't a "lack of unity" in the Republican party that led to the Thune amendment's 58-39 demise: The Thune amendment was never supposed to pass.The entire process was calculated to fail … but only after dozens of anti-gunners on both sides of the aisle could exploit the chance to dissemble on the record as gun rights supporters.It's Washington politics at its finest -- voting "yes" on an ostensibly pro-gun bill orchestrated to die just short of the needed number of votes, but that could still be used to dupe constituents.”

That doesn't surprise me a bit! Colorado Senators Bennet and Udall, two of the most extreme liberal Senators in office, both voted "YES" on this bill. They were dissembling, of course. NO doubt a ruse to make us think they supported our gun rights. I'm sure Reid coached them on how to vote. D'ya think? 

There is no doubt that CCW privileges have come under fire from many in the gun control community. And in practically all of the cases of opposition, the fears and worries that would cause support for CCW to fail are unfounded. For example, some of the politicians had this to say about this bill:

“Sen. Frank Lautenberg (D, NJ) warned it is an "attempt by the gun lobby to put its radical agenda ahead of safety and security in our communities." Sen. Kirsten Gillibrand (D, NY) calls it a "harmful measure" that will put the public at risk. Senator Chuck Schumer (D, NY) said: "It could reverse the dramatic success we've had in reducing crime in most all parts of America."

As all of us who carry are well aware—the fears of the streets “running red with blood” that would surely have come about by CCW permitted citizens never came to pass. And the political wrangling that goes on to help politicians in danger of re-election in their districts, instead of addressing the real issues is something we should all be concerned with. The actions that took place behind the scenes on this bill should serve as a warning that we should be watchful of any future CCW related legislation, and ensure that our representatives are voting with reason instead of out of fear of losing voter support. 

Refuse to be a Victim: Defense-in-Depth for the Home

Staying safe in your own home should be a pretty straight forward process.  Go inside, lock the doors, and be safe.  You’re not overly worried about an invasion while you’re at home, right?  And if you leave lights on while you’re not at home, then that should deter most criminals, right?  Don’t bet on it!  Even in good neighborhoods these day, homes are being invaded and violent crimes committed in areas where we never thought we had to worry about such things.  The criminals are taking their show on the road and selecting neighborhoods where they know they can walk away with your valuables.

Download the home security self-assessment survey from Jeffco Sherriff's Dept.

Criminals have found more ways to break into homes, and more ways to bypass what we think are the normal protective measures, such as locked doors and windows.  They are also no longer limiting their invasions to times when they think the home is empty.  Invading a home while the occupants are there (see link at the end of this article) has afforded criminals several opportunities for committing even more serious crimes such as kidnapping, rape and robbery.  If they can abduct a person who can take them to an ATM to obtain cash, their reward from the crime becomes even greater.  Likewise, if someone is home, then they can possibly force them to open safes, unlock secured storage, or gain access to other valuables.  So as criminals get cleverer about their strategies, we also need to become craftier with our defenses.  And this doesn’t mean that we have to turn our homes into hardened fortresses where everyday life is uncomfortable.  We just need to find ways to be more aware and have multiple methods of protection.

This is where a term known as “defense-in-depth” comes in.  If you create multiple layers of protection around you and your family to defend against potential invaders, then the chances of a criminal successfully getting in and doing you harm is greatly reduced.  The idea here is that even if one or more layers of your defense are defeated, you will still be protected because there are other layers of protection in place to stop the attacker from getting in.  Multiple layers of protection will also allow you to be more flexible in your protections while allowing you to still live your life.  Remember – the idea isn’t to barricade yourself inside an impenetrable fortress and have not a life.  The goal is to have a safe place of residence and still be able to live comfortably.

Attitude & Awareness:  A secure attitude is the very first and most important building block of your home security strategy that you should develop.  Just being aware of what is around you, and what condition your other security measures are in is really all we’re talking about here.  Keeping the mind set of always locking doors (even during the day) and always being aware of your surroundings will go a long way towards ensuring your safety.  Obviously you can’t be in a heightened state of awareness all the time.  You like to sleep occasionally, right?  But that’s where having multiple layers of protection will come into play, as we will discuss further in this article.  And the importance of this attitude is to realize that you are not doing these things because you are afraid, you are doing them to protect yourself and your family.

Exterior Areas:  Keep bushes and shrubs trimmed – don’t give criminals a place to hide.  Find some attractive "thorny" bushes to put in front of your windows.  Don’t leave tools and ladders outside and accessible where someone can use them to break into your home.  Keep outside areas well lighted.  Consider installing motion detectors for turning on outside lights when someone enters the area leading up to your doors.  Make sure the garage door is closed.  If you have large dog doors, make sure they are secured when not in use.  When you come home, make sure you are aware of what's going on as you enter the house.  If anything seems out of place upon your arrival home, leave the area immediately, go to a neighbor's house, and call 911.

Large windows on the sides of entry doors allow potential intruders to see in and see what's there!

Exterior Facing Door Areas:  Install wide-angle peep-holes to allow you to see more area of the outside entry way.  Covering windows that allow people to look inside is an important step in foiling would-be home invaders also, especially if you have an alarm system with a control panel that is visible in the front or rear entry areas.  For example, some people have large windows on either side of the entry door that allows someone to view into the house.  Many alarm installers will put the control panel for the alarm system adjacent to an entry door.  If a potential intruder can peer in and see the alarm status lights, then they know whether or not your alarm system is even armed.  Consider putting curtains or opaque window film over these windows.  There are many attractive options that will still allow light to come in, but will make it very difficult for people to see details about the inside of your entry areas.

Alarm Systems:  Consider installing an electronic alarm system with battery backup, connected to a centrally monitored alarm company via telephone.  These types of alarm systems are very affordable, and can also detect smoke/fire and carbon monoxide, making them extremely effective in several different aspects of home security.  Panic buttons are a popular feature of these alarm systems.  A panic button can be hard mounted on a wall, but can also be a wireless device, and portable, resembling a key fob.  Not only can you use the wireless devices to alert the alarm company in a panic situation, but they can also be used to arm and disarm your alarm system from anywhere in the house.   These types of alarm systems can be very sophisticated, and allow you all sorts of options such as glass break detectors, motion detectors, and sensors to detect if windows are opened.  The options are many and varied for these systems.

Dogs and Signs:  Even if you don’t have an alarm system, a sign warning potential criminals can still be effective.  They don’t know that you don’t really have an alarm, but such a sign makes them think that you do, and therefore they perceive that they have a higher risk by breaking into your home.  This may be enough to make them bypass your house and look for an easier target (deterrence is another layer of defense).   Likewise, even if you don’t have a dog, there are companies such as DutchGuard that make motion detecting devices that will emit a very realistic dog bark.  Of course, actually having a big dog in the house will serve as a powerful deterrent.   And if a potential intruder peers into the house and sees a large set of food and water bowls laying by the entry, that may be enough to give them reason to look elsewhere for an easier target.  Even if you don’t have the big dog, put a set of food and water bowls meant for a large dog near interior areas visible to the outside.

Safe Room:  Have more than one safe room, if possible.  The safe room in many homes is a master bedroom because that is where many people keep their gun safes, and have other necessities such as a bathroom, water, and other comfort items in case they will be there for several hours.  If your safe room is something such as a master bedroom, consider changing out the small screws for the door hinges and latch plate with the longer three-inch screws to make the door harder to break down.  Install a solid core door if possible.  Install key-lockable entry locks on the safe room entry door.  Make sure your safe room has a phone (both landline and cell phone, if possible).  If you have firearms for home defense, make sure they are in the safe room area.  Have one of those remote alarm control device with a panic button, as mentioned above.  Make sure all of your family members know where the safe room is.  Have a code word that you use to tell everyone to get to the safe room quickly in an emergency.

If an intruder does break in, and you have all of your family members safely inside the safe room, STAY THERE!  Dial 911, activate your panic button, and keep emergency services on the line until help arrives.  Keeping them on the line is especially beneficial if you have a firearm as part of your home defense strategy.  They are able to hear you as you warn the invaders that you have a firearm and that you will shoot them if they enter your safe room.  This warning is recorded by the 911 operator, and may be helpful in the follow-up investigation, especially if you are forced to use your firearm for self defense.

Security Accessories:  Make sure and keep additional items that will help you in various areas throughout the house.  Flashlights with extra batteries can be kept in multiple places throughout the house.  Your cell phone should be with you.  Even keeping those old, un-used cell phones handy and charged up can be used.  Even if a cell phone isn’t activated with an account, you can still make 911 emergency calls from them.  A remote alarm system controller with a panic button is highly recommended if you have an alarm system installed.  Pepper sprays and other non-lethal self defense items can also be beneficial.  Also keep a first aid and 72-hour kits in your safe room.

Warning:  Any of the practice drills mentioned below should be done with an unloaded firearm.  Remove ALL live ammunition from the area before performing any practice drills. Use only unloaded firearms when practicing.  Check and double-chek your firearm to make sure it is unloaded before attempting any drills or practice in the home.

Drills and Practice:  Hopefully you already have fire drills in your home. But do you ever have a home invasion drill, possibly even in the middle of the night?  Try it some time, and ask yourself the following questions to identify potential areas where you need to develop a strategy: 

• Does everyone know where to go? 
• How long does it take them to get there? 
• Would anyone have to get to the safe room by first going through a part of the house that might be occupied by the potential intruder? 
• If you have a child in another part of the house, away from the safe room, how do you venture through the house to get to that child to ensure their safety.
• Do you have a defensive firearm?  Do you know how to gain access to it, even in the dark?

If you have a defensive firearm in a handgun safe, for example, drill yourself on how much time it takes to get into the safe, access your firearm and other essential tools such as a flashlight.  Do this both in the light, and in the dark.

Wrapping It All Up: Even if someone does break in and takes your property, property can be replaced.  That’s what insurance policies are for.  The purpose of having a home defense strategy is to keep you and your family members safe in case of a home invasion.  The purpose of a home defense firearm should always be that it is the last line of defense in an attack, and then used ONLY to stop the attack.  There are many layers that you can employ for your home defense strategy.

The home defense methods mentioned in this article are only some of the home defense techniques that can be used.  The NRA’s nationally recognized “Refuse To Be a Victim” seminar taught by Northern Colorado Firearms Safety Training will give you a well rounded self defense strategy.  We include information on keeping your home safe, staying safe while out and about, safety while traveling, and even safety while using your computer online.  See our scheduling for an upcoming class, or ask us about private instruction.

For More Information:  For a more complete self-assessment of your own home security, download this document.  It is published by the Jefferson County, Colorado Sheriff's office, and can be used to help you assess your own home security and find out which areas need attention.

Follow Up:  1/8/11 - Just as I was finishing writing this, I saw the following article in which men with shotguns burst into an occupied home at 9:30pm demanding money:

Article:  Home Invasion Suspects Arrested

Refuse To Be A Victim - Online Safety While Traveling:

More and more people are once again thinking of traveling, both for business and for pleasure.  School will be out soon, making way for family vacations – although with the ridiculous price of fuel, I’m not sure how many people will be traveling.  Even when only traveling for pleasure, many business professionals, as do I, take their laptops and PDA devices with them to be able to do work during a few “down” moments on their trip, or at the very least to have a way to keep tabs on their email and events at work.  We geeks are such workaholics, aren’t we?

On a recent business trip to the east coast, I had the opportunity to once again enjoy my hobby of just sitting back and observing people.  I was again reminded of just how complacent folks are about their security when it comes to using computers and other information technology enabled devices when on travel.  This seemed to be especially true when using computers in public places – either their own laptops, or computers in hotel business centers.  I am not sure if people are just in a hurry, or if they just really are not aware of the potentials for exposing themselves (in a “data” sort of sense, that is) while out and about.

There are a number of things I will talk about in this article having to do with ways to keep yourself (and your data) more secure when away on travels.  Some of these things are as simple as using fundamental physical measures to shield your computer screen from curious eyes.  Others involve the act of just taking the time to clean up after yourself when using a public computer, and yet other measures I will discuss simply involve the use of technology that is already built in to the devices that you are using.  There really is very little to no cost involved in protecting yourself with these measures, but the cost of giving away your data can be huge and devastating.  So let’s take a look at a few of the vulnerabilities we face everyday when on travel and some solutions for protection.

Shoulder Surfing:

If you are flying, your potential for vulnerability begins the very minute you get to the airport.  Many people find that they have to arrive at the airport a few hours early just to make it through check-in and security, in order to make their flight on time.  There is often a lot of “down time” here, so many people, as do I, pull out the laptop and the Blackberry, and do some work.  In this setting, we are often in very close proximity to other people.  Once we board the airplane, it is even worse.  Unless you are lucky enough to be in First Class, you are sitting with your elbows right up against someone else’s, and their wandering eyes are just a foot or two north.  Even if you aren’t flying, or have arrived at your destination, the local restaurant and the corner coffee shop are no different.  When you sit down in that comfortable chair to enjoy your latte and do some work, there are countless wandering eyes trying to figure out what you are doing.

 There are two main problems here.  First of all, your neighbor (who is usually NOT minding their own business) is looking at your computer as you type in your username and password.  If they can see your log-in box, they can see your username, and if your computer is joined to a corporate domain, they can see the domain name.  As you type in your password, unless you are lightning fast, they can see you type the characters.  I’m one of those “two-finger wonders” (I don’t touch type) so this is a particularly big problem for me.  A devious person with intent on harvesting such information (and they are everywhere, trust me) will be very good at following your keystrokes and will be able to obtain all the credentials needed to log in to your corporate network.  They now have your username, the name of your corporate domain, and your password.  All they have to do is get access into that domain, and they are in.  Your username and password exist on the domain, and are only cached on your computer, which means that they can access your account from any computer that can get access to your corporate domain, such as a VPN or other remote connection.  Another danger is that if they are able to steal your laptop (more on this later), they will have access to the data on it.  Remember – these people are everywhere.  And if they are shoulder surfing to get your log-in credentials, they are also following closely to look for an opportunity to grab your laptop as well.

The second (and more common) problem with being in close proximity to others is that they are often able to view what is on your screen.  Are you working on a document with sensitive personal or company information?  Composing an offline email that you really don’t want others (especially strangers) to know about?  How about that PowerPoint presentation chock full of corporate proprietary sales or engineering data?  Whatever it is, you have to either make sure you are only working on things that are completely dull and unworthy of your nosey neighbor’s interest, or make the screen un-viewable.  In other words, either pick non-sensitive stuff to work on during these times, or find a way to hide the screen.  For example, I usually pick some low-level instructional or procedure guide to work on while I’m flying, or just do some professional reading.  For example, I keep a lot of pdf white papers and “eBooks” from various online sources on my computer for reading while on the plane.  My job is such that professional reading and just keeping are large parts of my work anyway – so it’s not like I’m goofing off.

Solutions:  For the password problem, if you are on a computer that is joined to a corporate domain, use a local account on the computer (that does not have administrative privileges), and set a temporary password that will only be good for the duration of your trip.  Of course, if you do this, you will have to make sure you know where to browse to on the computer to get to your documents in your “real” account, because the profile you log in with will have a “My Documents” folder in a different location.  I get around this by accessing only documents that I have placed on a flash drive.  If you are not joined to a domain, then just set a temporary password, and set it back to your actual password when you get home.  One of the best solutions for this is to simply get a small finger print scanner to use to log into the machine.  Many are small, portable, and just plug into the USB port.  The newer laptops and tablet PCs even come with these built in.  See my article on biometric devices for more information.

For the “prying eyes on the screen” problem, there are a variety of filters you can buy that will obscure the screen when someone tries to view it from other than looking at it straight on.  This particular solution will also help to obscure your username and other login credential information as you log in.  If they can’t see your username, the password will do no good.  But again, don’t give them any pieces of the puzzle if at all possible.  As I always tell people:  “If they have even just your username, they then have 50% of the information they need to access your computer.”

Of course, being the wisenheimer that I am, if I notice someone trying to “catch a wave” on “shoulder beach”, I simply open a document, set the font to a larger size (to make sure they can easily read it), and then start typing in some juicy “official looking” verbiage.  After a paragraph or two, I start a brand new paragraph, and type in “I think the nosey person sitting next to me is looking at what I am writing.  I hope they enjoyed my previous two paragraphs.  Now GO AWAY!”  I have seen a red face or two resulting from that prank.

Using Flash Drives:

Flash drives are portable and can store a lot of data.  Many people have resorted to using them because if they know they will have access to a computer at their destination, all they have to do is put their documents on the flash drive and leave the computer at home.  Many cell phones and even iPods can be used for this purpose as well.  The problem with these small flash drives is that they are easily lost or forgotten.  It isn’t uncommon for someone to use them in a public or borrowed computer and then forget to take them when they are finished.  A lost flash drive means lost data.  Lost data can mean something as frustrating as losing work and having to do it all over again (if you didn’t have a backup copy somewhere else), or as devastating as putting sensitive information into a stranger’s hands.  

 

Flash drives are cheap these days.  If you lose the flash drive, you can just go get another one.  But what about the data on the flash drive?  Is it replaceable?  Will it cost you if someone else has it?  Another issue surrounding the ubiquitous nature of these things is that some people seem to have a whole lanyard full of them around their necks.  Do you have a good inventory of how many you have?  If one came up missing, how long would it take for you to notice?  Kind of like the movie “Home Alone” where the family had so many kids that they didn’t notice little Kevin missing until they were in France!   

Solution:  The manufacturers of many of these drives have solved part of this problem for you.  Flash drives have the ability to be encrypted, and the software to do that is often included with the flash drive itself.  Typically, this encryption works by having you set up a password in order to access the data.  You can encrypt all or only part of the flash drive’s contents.  If someone gets a hold of your flash drive, they can access anything that is not encrypted, but will need to know your password to access the encrypted data.  In some cases (depends on the drive and the encryption software), you can set your encryption such that if a number of unsuccessful password attempts occur the data on the drive will be erased.   Know how many you have and keep track of them.  If traveling, take only what you need – leave the other ones at home and in a safe place.  I promise – they won’t miss you.

Using Common Area (Business Center) Computers: 

Many hotels have business centers with computers to allow their guests to access the Internet and their web based email.  In fact on my recent trip, I had full Internet access at the office I was visiting, but had to pay for Internet access if I wanted to use my laptop at the hotel.  The only thing I needed after hours Internet access for was to check my personal email, and I wasn’t about to pay $10 just for 5 minutes of use.  My remaining option then was to use the business center, since using those computers was free of charge. 

A few problems present themselves in this scenario, however.  One is that people use these public computers and often leave their surfing tracks for all to see.  The other is that some people forget to just close out of their applications, and yet another is leaving those little flash drives plugged in for someone to come along and retrieve later.  In fact, while in the hotel elevator on my most recent trip, I heard a woman telling her colleague that when he finished using the computer in the business center, he had left his email open, and she could have gone through all his email.  Worse, she could have launched a few questionable emails in his name.  This is truly a dangerous situation.  What if it had been a stranger, and not a trusted colleague?  That person could have read email, sent a few of their own (under the email account owner’s name), looked at the address book to get a list of names of people at the company, and just in general could do some serious damage.  All this done under the name of the person who owns the account.  How do you prove that it wasn’t you who did those things?

 

When I used one of the business center computers, I got curious and opened the browser history.  I saw a plethora of email sites and surfing history.  Wouldn’t be too hard to put together a few patterns and find out where some of these email servers existed.  Depending on the cookies still on the machine, going to one of those sites may not even require me to log back in to access the account.  The cookie would remember that I (or more accurately the email account owner) was just there and just let me right back in.  This is especially true if the previous user had left the web browser open.

On a really malicious (and hopefully rare) side of things, a devious person could sneak into the hotel business center and put a keystroke logging dongle on the back of the computer between the keyboard and the computer, or in a USB port.  Such a device is used to capture everything typed into the keyboard.  Which means that they can get the URL to your banking site, the username and password for your banking site, and the contents of an email or anything else that you type into the computer.  These key loggers have legitimate investigative purposes, but are inexpensive and can be obtained by anyone – including thieves.  I say that this is (hopefully) rare, because most hotel business centers require a room key card to access – a person would (theoretically) have to be a paying guest in order to do this.  But many public computers often do not offer such access protection as that provided by hotel business centers.

Solutions:  For the reasons mentioned above, it is very important to pre-inspect the computer before and clean up after yourself after using a public computer.  It takes a few extra minutes to do this, but you can’t put a price on the time it would take to straighten out the mess after you have been exposed because you didn’t have time to prevent these vulnerabilities.  Here are some important steps to take when using public computers:

• Do a quick inspection of the back of the computer and any USB ports to look for key logging devices.   If you find something, and are not sure, contact the management immediately and have them investigate.
   
• Never select the option to have “Windows remember me on this computer.”  Do not allow the computer to store your username and password on the machine.  Some web based email applications such as MSN will give you an option to tell it that you are on a public computer and not remember anything about your session.
   
• Delete browser history, all temporary Internet files, and all cookies when you are finished using the computer.
   
• Make sure you are logged out of any sites that you visited.  Just closing the browser is not good enough.  You must click the “Log out” link on the web site before closing the browser.
   
• Close all instances of the web browser and all applications.
   
• Make sure you take your flash drive when you leave.

Being the cheapskate that I am, however, my solution is that I try my best to only patronize hotels and coffee shops that provide complimentary Internet access to their guests.  That way, I can avoid public computers altogether.  But sometimes that just doesn’t work out, and I end up staying somewhere that makes me pay additional fees for access.  In which case, the above solutions are a must.

PDAs/Blackberrys/Cell Phones:

Many of the same problems that exist with flash drives exist with these devices as well.  They are small, easily lost, and can really store a lot of information.  A Blackberry, for example is a phone, email client, and PDA all rolled into one.  Emails, contact lists, to-do lists, documents, and personal journals are just a few of the things that can be kept on these devices.  A lost phone device can not only give away sensitive data, but can give someone access to a free phone.  And watch what you are discussing.  What you say can be as revealing as anything else – especially if you are one of those people who puts everything on speaker phone, even when in public.

Solutions:  Just as you can do with your flash drives, you can password protect and encrypt the data on your PDA as well.  On my Blackberry, for example, I can password protect access and encrypt the contents.  Not only that, but my Blackberry is set so that if someone types in an incorrect password ten times, the Blackberry erases all of the contents.  Then, for added security, the data is encrypted, so that even if someone takes apart the Blackberry, and somehow gets the data off of the chip, the data is encrypted and unusable.  Don’t discuss anything on your phone that you don’t want others in close proximity to hear.  If you are sitting next to me on the plane, just don’t use your phone – period!  I have no interest in what you have to say ;)   

Laptops:

Saving the best and biggest for last: Laptops (and the data on them) need a lot of protection.  They can carry a lot of data, and are very attractive to thieves.  Keeping the laptop from being stolen is a job in and of itself, but if it does get stolen, there is more to worry about than just losing an expensive piece of hardware.  Keeping the data on it from being compromised is the really important issue at hand, and if someone can access the data, they can potentially do a great deal of damage.  

 

A big part of this problem is that even if they can’t log into the computer itself, and if they have the computer (physically), then they can remove the hard drive and put it into a computer that they can access.  In fact, many data recovery techniques rely on taking the hard drive out of the failed (or in this case inaccessible) computer and “slave” it into a working computer.  The working computer’s primary hard drive allows it to be booted up, and the slaved in hard drive contains data that can then be accessed.  More clever people have freely available tools such as Knoppix (Linux on a CD) that they can use to boot up the computer, bypass the security on that computer, and access the data on the hard drive.  In fact Knoppix can even be used to change the administrative password on a computer so that access can be gained through the more conventional method of booting up and logging in.

Solutions:  There are some basic measures that will protect against access to a computer, but only if the computer is not stolen.  In other words, these measures will work if you can keep the computer from being stolen.  But once the computer is in unauthorized hands, these measures can be quickly bypassed.  You can set a BIOS password that will prevent the computer from being booted into the operating system.  But this is bypassed by simply taking the hard drive out of the computer and putting it into a different computer.  Strong passwords for the operating system itself should also be used.  As mentioned above, consider using temporary or “disposable” passwords.  Small biometric devices, such as fingerprint readers, are fairly inexpensive, and many laptop and tablet computers have a fingerprint reader built in.  Unfortunately, this can still be bypassed by putting the hard drive in another computer, or using a tool such as Knoppix to access the hard drive’s contents.

Encrypting the hard drive contents will help a great deal, even if the computer is stolen.  Windows XP has the ability to do this using a built in feature.  Windows Vista has a built in tool called BitLocker.  Technologies such as that which is built into the BitLocker feature, for example, have the ability to protect data even if the hard drive is transferred to another computer.  The downside of that is that you need to make sure you remember your password for logging into the computer, or set up what is known as a “recovery agent,” or you will lose your encrypted data.

Wrapping It All Up:

There are many other dangers that I haven’t mentioned here, such as accessing wireless networks while on the road, but that is a topic in and of itself.  Wireless encryption, making sure you are not accessing an “evil twin” wireless access point, and a few other issues will be discussed in an upcoming article. 

 

But for the purposes of this article, I wanted to focus mainly on the more ”physical” aspects of being secure on the road, as well as using built-in technologies to protect your data.  Shielding your laptop screen from roaming eyes and preventing laptop theft are important ideas.  If your laptop is stolen, knowing that you took measures to prevent the data from being usable by unauthorized people is also a very important idea.  Other technologies, such as flash drives, cell phones, and PDAs represent things that are small, easily forgotten, or easily stolen.  Those items contain sensitive data as well, and must have data security measures proactively applied.  Once the data is in unauthorized hands, it must be assumed that it will be used for malicious or illegal purposes.  Even if you retrieve your items, it must also be assumed that the information was copied and will be used – unless you took measures to make it useless in the event that a loss occurs. 

 

It is easy to be complacent when traveling.  And, unfortunately, there are plenty of people out there willing to take advantage of this fact.  By taking a few extra moments to think about what needs to be protected, take inventory of your technology rich possessions, and take the extra time to protect your data, you will ensure a more worry-free travel experience.  If I ever go into a hotel business center and see that you left your email open – man – I will hunt you down!  (After I email a few jokes to your whole company, that is).

Additional Resources:

Article:  Web Surfing in Public Places is a Way to Court Trouble

Article: Mobile Computing: Traveling Without a Notebook

Theft tracking tools

• http://www.absolute.com/
• http://www.stolenlaptop.com/
• http://www.lojackforlaptops.com/default.asp

Product: The 3M Notebook Screen Privacy Filter

Article:  Laptop Security Part 1

Article:  Laptop Security Part 2