Data Security FAQ

Some frequently asked questions about how to safeguard your computer data on a personal and business level. It assumes that you DO NOT have gigabytes of music and movies that require extensive security measures to protect.

1.) How should I begin to secure important data on my desktop computer or laptop?

First, it makes sense to designate 1 or 2 specific folders on your computer as the main folder for confidential file back-ups for several reasons. If you have to do a quick back-up, all you do is copy that folder to an external drive for an instant back-up.

Second, It provides a centralized location for all important data. Instead of having to hunt down the menu, sub-menu, sub-sub-menu of where you normally download company financial spreadsheets, you can set your browser and programs (such as Quickbooks, etc.) to save/download all important files to this folder.

Third, let’s say you only save ALL important files on a flash drive/external hard drive. If your notebook gets lost/stolen, the thieves only have the programs and not the actual confidential files which are on the cheap flash drive.

2.) Great, now how do I actually back-up my designated BACK UP folder(s)?

Here’s where it gets tricky. You have several back-up options such as:

A.) Cloud – Services such as Carbonite and Mozy offer low-priced back-up solutions. You basically upload all your confidential files to their cloud servers and are able to access them anywhere in the world where there is Internet access. The main issue is that, from a business security perspective, you have no idea where your data is stored.If, for example, it’s stored in a server farm in China which gets hacked, then you’re in trouble.

B.) External Hard Drives – These nifty devices come in portable 2.5” and larger 3.5” flavors and offer more than generous dumping grounds for all things important. Once you plug it in, your OS recognizes it and pops you up with a folder showing it as a (giant) external drive with a letter (i.e. G:) Some even feature OTB (One Touch Backup) so you press one button and it backs up either your entire system or certain portions of it. Some external hard drives offer plug-in encryption that prevents unauthorized access. The issue with this solution is that you have to lug it around, which means it has a chance of getting lost/stolen and the formality of performing a back-up might become time-consuming to some.

C.) Flash Drive – These little drives are more nimble, have zero moving parts and are highly portable. Unfortunately, this is also its Achilles’ Heel as its relatively small size makes it prone to becoming misplaced or stolen. Also it does not have the capacity of a larger external drive. The good news is that some flash drives have built-in encryption which can be useful if it lands in the wrong hands.

D.) Home/Office Network Attached Storage Drive – Also called NAS, this is an excellent solution for comprehensive back-up protection as these hard drives function as dumping grounds for an entire home or office network. It provides a centralized location for files, folders and documents which any connected computer can access and come in large drive sizes. However, security precautions should be utilized if the NAS has built-in measures as an unsecured NAS may be prone to prying eyes. For example, a NAS without security protocols activated while connected to a home Wi-Fi network is prone to being breached. Because of this, it’s crucial to configure the NAS security as well as the router/network security for optimal protection.

E.) Backing up to CD/DVD/Blu-Ray – Optical media back-up is actually a very cost-effective solution because CDs and DVDs are very cheap nowadays. Furthermore, if you’re looking to close the books for a certain month on your business, burning to a CD-R or DVD+R sets the data in stone so it can’t be manipulated on the disc. The problem is that if you have lots of data to back-up, the formality of using several CD-R or DVD-R discs to save might also become time consuming. In addition, you would have to make sure said back-up discs are placed in a safe place where the chance of it getting stolen is minimized.

3.) Which back-up method should I pick?

While the above solutions offer many ways to back up your confidential data, the best way to minimize a data breach/loss is to follow a combination of multiple back-up solutions and proactive behavior. For example, it would be a good idea to store important sensitive data on your flash drive and encrypting it with TRUE Crypt while also saving duplicate file copies on your home NAS drive via secure VPN connection. If your flash drive is lost/stolen, True Crypt prevents the drive from being used without proper credentials and you can still access the very same duplicate files on your NAS server.

Regarding proactive behavior, you should be mindful of back-ups so you don’t lose something you wish you saved 2 weeks ago.

There are also programs out there that can help secure data such as:

• Folder Lock – Locks and can hide any folder you wish from prying eyes.
• True Crypt– secures drives with extensive hardware encryption.
• Acronis Drive Cleaner – Completely erases all drive data with several methods (DoD, Gutmann method, etc.) – works great if you’re planning to get ride of old computer hardware.

Remember, it’s all about being proactive and being mindful of what back-up security solutions to use for your personal or business needs!

Cloud Compting

There’s no doubt that cloud computing has made a huge splash in our technologically ubiquitous society. Its benefits help businesses with productivity and give consumers more convenience about back-ups and data storage. Still, there are a few issues that should be addressed for anyone, whether a business owner or average Joe computer user, before making the jump to any cloud computing solution.

Reduced Control

The popular concept of cloud computing involves offloading and archiving pertinent files and data to an off-site 3rd party company which guarantees virtually 100% uptime and secure access anytime anywhere. The problem is that you’re basically having another entity hang on to your confidential information which reduces the amount of control you have over that information. In addition, you have no idea where your information is being stored.

What if, for example, your data is managed by a 3rd party cloud service company whose computer servers are located in Niger and due to an anti-government uprising, the cloud company’s infrastructure is compromised? You would have no idea whether your data was saved and moved to another location or if the data itself was possibly compromised by unauthorized parties. Granted, the chance of this happening is probably low but the big picture is that you’re virtually powerless in safeguarding your own information against issues from the external environment. Regarding Murphy’s Law, many cloud service companies pitch a near-100% uptime guarantee but there is still a chance the service could be unavailable (due to system malfunctions or maintenance) during the time when you need it the most.

Legal Issues

Using cloud services also presents a potential legal headache for both you and the hosting company. For example, cloud service provider Dropbox recently experienced a security breach in which all accounts were accessible by entering ANY password for approximately four hours. While Dropbox was able to rectify the issue promptly, one of their users is now filing a lawsuit for the security issue.

What if you had personal (or company) information that was compromised? What legal recourse would you have? Basically it means there would be extra work for you (and your legal team) having to deal with straightening things out, (such as breach of contract and/or having to find another cloud service provider). For cloud service users looking to store music into their respective digital lockers, external parties such as music label companies have raised a legal uproar about Amazon’s cloud music service which could make it difficult, in the long-run, about what type of data can be stored on a cloud.

Proactive Measures

While there is zero way to completely prevent any type of cloud service issue, there are a few steps you can take to minimize the chance of having one of these issues compromise your confidential personal or business information.

First, it would be logical to adopt a “Don’t keep all your eggs in one basket”approach which means only uploading the pertinent data that needs to be accessible to the necessary company personnel.

For example, if you have sales personnel traveling to Europe for a trade show and they need cloud access, it would be wise to not leave your Finance, Competitive Strategy and Company Financial Statements available on the cloud.

You can also specify exactly, which employee(s) are allowed access to your cloud servers and make them aware of the heightened security involved with such access. (Increased accountability with updated IT security access/policies)

Next, you can also use a 3rd party encryption program such as True Crypt and encrypt all information before uploading it to your cloud service. This provides redundant security on two counts.

1. First, your data would be useless if intercepted (in any way) by unauthorized parties. (unless they can break through True Crypt’s ridiculously-tough encryption)
2. Second, if the cloud service’s infrastructure is compromised, your information is still useless to anyone except you or your employees. You can also save a copy of all your confidential information on your own secure personal or company network which provides an alternative access point in case the cloud service goes down for any reason.

The big picture is that with all this technology that’s continuously revolutionizing our personal and company lives, you should always approach new technological solutions with a balanced perspective, weighing both the pros and cons while considering what steps can be taken to keep your digital life secure.

Are you currently utilizing a cloud service? If so, let us know in the comments and share your own prespective about this topic!