by Andy Jorgenson, NCET VP of Creative Services
It is 10 p.m., do you know where your encryption keys are? Be afraid. Be very afraid. Are you hooked yet?
Data security actually does not have to be scary or mysterious, but that doesn’t sell papers. It is understandable that this subject would cause so much anxiety for a few reasons. The risks of data breach and loss are very serious and should not be ignored, and computer technology is complex and not very well understood by many of us. Also, there is no shortage of competing advice floating around out there that often lacks context and is delivered with absolute certainty. In this tiny column, I shall attempt to address some points that sometimes get overlooked.
Absolute statement #1: Physical security is everything
Begin your security assessment here. If someone can walk in off the street and make off with your company’s vital data, you are not secure. What is secure? Locked closets and cloud services are secure. Some people will worry about cloud services, but they are usually more secure than a locked closet. Data security is about layers and this is the first layer. There will always be risks at each layer, but another layer of security will keep the wolves at bay and keep us sleeping well, presumably, at night.
Sage advice #2: Encrypt your hard drive
Laptops cannot be physically secured, so use the encryption that is now built into most operating systems. On a Mac, enable full disk encryption. On Windows, talk to your system administrator about BitLocker.
Item #C: Always have a backup. And a backup for your backup.
Yes, backup is part of data security. Whether you lose your data to a thief, a fire, or a bad hard drive, you still lost your data. For important data, it is advisable to keep at least three copies on different media and at least one of them should be stored in a different place. Redundant hard drive systems such as RAID don’t count as an additional copy. If I’m using Dropbox, there is at least a copy on my computer and a copy in the cloud because the app maintains the synchronization between my laptop and their cloud. This protects against losing your laptop, but not accidental deletions. If it is important, you should also have a backup of this data that does not remove deleted or changed files.
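The rules in this section written as a small check, as an added example that is not part of the original column. The inventory, the field names and the choice to model a whole RAID array as a single medium are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    name: str
    medium: str          # device or service holding it; a whole RAID array is ONE medium
    site: str            # physical location of that medium
    keeps_deleted: bool  # True if deleted or changed files stay recoverable

def check_backups(copies, primary_site):
    """Return the rules from this section that the given set of copies fails."""
    findings = []
    media = {c.medium for c in copies}   # RAID members share a medium, so they count once
    if len(media) < 3:
        findings.append(f"only {len(media)} independent copies, need 3")
    if all(c.site == primary_site for c in copies):
        findings.append("no copy is stored in a different place")
    if not any(c.keeps_deleted for c in copies):
        findings.append("no copy keeps deleted or changed files")
    return findings

# Constructed inventory: a laptop synced to a cloud folder (deletions sync too).
SYNC_ONLY = [
    Copy("laptop", "laptop-ssd", "office", False),
    Copy("cloud sync folder", "sync-service", "cloud", False),
]
# Adding a two-disk RAID mirror adds one medium, not two.
WITH_RAID = SYNC_ONLY + [
    Copy("NAS disk 1", "office-nas-raid1", "office", False),
    Copy("NAS disk 2", "office-nas-raid1", "office", False),
]
# A backup that keeps old versions, stored away from the office.
WITH_VERSIONED = WITH_RAID + [
    Copy("versioned backup drive", "usb-backup", "home", True),
]

if __name__ == "__main__":
    for label, inv in [("sync only", SYNC_ONLY), ("plus RAID", WITH_RAID),
                       ("plus versioned backup", WITH_VERSIONED)]:
        print(label, "->", check_backups(inv, "office") or "meets all three rules")
```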
Myth D: Complex passwords are more secure
They’re not. Because massive computing power is available via the Internet, the length of the password is the only thing that makes it secure.
But everyone says I need a number and a special character?
They’re wrong. A phrase of twenty characters or more that you will remember without having to write down is more secure.
Exhibit #5: Use two-factor wherever possible
Multi-factor authentication requires an additional step, after the password is entered, to verify the identity of the person entering it. It’s a hassle. Do it anyway.
Revelation #6: Continuity is also security
Ensuring uninterrupted access to your data and systems is also part of data security. Make sure that you don’t lock yourself out of your admin accounts: have more than one admin, or keep the admin passwords safely locked away in an encrypted file or a vault.
Last one: Manage identities
Only one user should have access to any user account. All actions should be identifiable and traceable. This should be a company policy and it should be followed. Often, people share passwords to access each other’s files and emails. This is not secure. There are other ways to delegate access properly.
When an employee leaves, it is important to be able to quickly turn off their access. With all the different platforms and services we use at work these days, that gets tricky fast. Single Sign-On (SSO) systems allow you to turn off access to everything in one fell swoop.
Andy Jorgensen is the IT Lead at Flirtey and is NCET’s VP of creative services. Flirtey is a local upstart drone delivery service that aims to save lives and improve lifestyles by making delivery instant for everyone.