For the record, I retired from Internet security/software security/corporate security four years ago. Not the smartest in the bunch but smart enough to use logic and common sense.

Like I said, retired four years ago. Wife and I travelled, bought a smaller home hundreds of miles away in a small community, and spent our days fixing and repairing and updating the house. As the work is winding down, we decided to volunteer to pass the time.

We joined the local museum as volunteers. Extensive collection of newspapers and photographs and documents and records, among the usual historical artifacts. The place is run by a guy whose family dates back a couple of hundred years in this area. The rest of the staff are mostly retired volunteers like us.

Of the many things that needed to be done, I took up digitizing old newspapers, photographs and other documents. In my career, this was something that was always part of my job, so it was super easy. Digitize it, run it through OCR, save as PDF and catalogue it on a 1 TB drive on the laptop.

This is when the red flags popped up. I asked how everything was backed up. "We don't feel the need to back it up that often. Our IT guy runs a backup once a month or so." I asked if it was cloud storage/off site. They replied that the backups were done to a portable drive kept in another office. I asked, what if the place burns down, what contingency do you have? Deer caught in headlights response.

I asked if things get locked up at night, should I place the laptop in a secure area? No, it'll be fine, they replied.

The museum is in a shithole part of town surrounded by junkies and homeless picked up off the streets of bigger cities around us and dumped off in our town.

Fine, whatever. I started the scanning of documents. The laptop had the login PIN printed and taped on the laptop, next to the keyboard, (Another red flag). Chrome was logged in with the former curators email, and after entering the PIN, I had access to and could see every single one of her social and transaction passwords. (Red flag). Should I delete this profile? I asked. No, we don't know what she was using so stay logged in. The W11 OS was also running McAfee, Norton and Avast at the same time, along with Defender.

So for four weeks, one day a week, I scanned, and catalogued thousands of old documents.

Today, we went in and there was ashen faces. Someone had broken in and stolen the laptop. And the backup hard drive.

Everything was gone.

The thief can login of course as the PIN is printed right on the laptop. All my work, and the years of work by others, all gone. So was the external backup drive. The IT guy, retired, was one of those guys who bought a 286 computer back in 1991, running Windows 3. That somehow made him an expert on everything. I doubt he worked in anything bigger than a small manufacturing plant before retiring 20 years ago.

We walked out. Don't waste my time.