Sticky Notes: Friend or Information Security Foe?

Organization Nation

By Eileen Whitaker - I’ve always had a fascination with office and school supplies. As a child growing up, I couldn’t wait to shop for my notebook and dividers. While all of my friends were hitting up the mall in search of the “first day of school outfit”, I was in search of the perfect theme for my school supplies – I mean, can you blame me? This was, after all, a fashion statement. A girl could score major points if she had scented pencils and all her supplies were color coordinated. When I began teaching school, Office Depot and Staples became almost an obsession for me! I was always on the hunt for fun, trendy, supplies. My obsession carried over into parenthood. Yes, when all the other mommies ordered the “PTA pack of school supplies”, I could not bring myself to turn in the order form. Instead, I fought the crowds in search of the perfect set of school supplies for both of my girls; with multicolored clicker pencils and cheetah themed locker mirrors and magnets, they were sure to have a fabulous year! My all-time favorite supply? – THE STICKY NOTE! I love Sticky Notes. There, I said it! Pastel colors, vibrant colors, fun shapes, lined, unlined, flags, pop-ups… I love them all.

Sticky Notes in a Digital Age

My job with Traveling Coaches affords me the opportunity to travel all over and I’ve found that no matter which state I’m in, no matter which type of law is practiced, there’s always someone in the firm that shares my love of Sticky Notes. People LOVE Sticky Notes! It’s just that simple. I’ve found Sticky Notes plastered in all sorts of places in law firms. I especially love the collage of Sticky Notes that frame the computer monitors. The messages on the Sticky Notes are just as interesting as the notes themselves – “Right click is slick”, “Call Bob”, “Buy Milk or else!”, “You is Kind, You is Smart, You is Important”, “Password = **&$%!@#” (what?).

In my travels, I’ve found that I don’t get to enjoy Sticky Notes as I once did because they can be impractical for road warriors. So you can only imagine the joy I found when I discovered that Windows 8 has a Sticky Note applet. If you haven’t discovered it yet, click on the start button, type “sticky” and click on Sticky Notes. Ta-da! For step by step instructions on how to use the application, “it’s worth a Google”: Windows 8 Sticky Note tutorial. Even if you don't love Sticky Notes, I'm sure you will find them useful! They're great for reminders, notes, quotes, thoughts, affirmations, or important points. The app allows you to have multiple Sticky Notes, you can change the color, and resize them. Many have found this a valuable tool!

Information Security Fauz Pas? More like Foe Pas

However, while both paper Sticky Notes and electronic Sticky Notes are incredibly useful, if used improperly they do pose a security risk. I know, I know, you’re saying, “Are you kidding me, a harmless Sticky Note?” Let’s just speak candidly, shall we? – It’s not a good idea to write your password down on a paper Sticky Note and affix it to your monitor. Yet I see it done all the time. Would you write your alarm code on a piece of paper and tape it to your front door? While it is convenient, it is a huge risk. Likewise, it is not a good idea to create electronic Sticky Notes containing information which may be discoverable. Do I have your attention?

When you type information into a Sticky Note, the data is automatically saved into a single file called StickyNotes.snt found in the AppData folder. When you delete a Sticky Note, the data is NOT removed from the data file. This is good and this is bad. The good news is since the data isn’t really removed, when someone “accidently” deletes important information it can easily be retrieved by opening the file with Notepad. The bad news is since the data isn't really removed that incriminating note you just typed can easily be retrieved. Eek! Further the StickyNotes.snt file can easily be opened on any computer as any user using Notepad.

The Debate Goes On (Cue Music)

This has raised some concern in legal IT departments around the world. Many are concerned about the data being discoverable. Should your firm write policies surrounding the use of Sticky Notes? Should your users be cautioned regarding what type of data can be placed in the Sticky Note app? If your firm already has a policy in place, I’d love to hear from you. Sticky Notes, Friend or Foe?