Imagine you have two cabinets in your kitchen. One is labeled “Poisons,” and the other is marked “Tasty Treats.” Okay, it’s a strange kitchen. On the counter below are two identical containers. They are identical in every way—same weight, same size and same appearance. Neither container is labeled. One of the containers is near the cabinet that says Poisons, the other is near the cabinet that says Tasty Treats. It might be a fair guess that the one near the Treats cabinet is just that—something good to eat. The other one must be for rattraps.
However, you want to make sure, so you carefully open the container and take a whiff of the contents. Almonds! You like almonds and so you put them in your Tasty Treat Bowl and start chowing down. You spy and murder mystery buffs see where I’m going with this, don’t you? For those of you too young to watch Murder She Wrote, arsenic has the smell of almonds. You suddenly stop munching those almonds in mid-bite, but it’s too late. Labels—correct and clear labels—would have been useful in this situation.
Let’s move that same scenario into a room filled with computers. The cabinets become computers, some labeled Classified, some not. On the tables around them are CDs, DVDs, flash drives and other portable media all without labels. How can you be sure that the storage media that you plug into an unsecured machine does not contain proprietary data? Are you willing to “taste” them to be sure? The message here is simple: unlabeled and mislabeled storage media pose risks because of potential confusion, misuse and compromised security.