Data theft

This is a pretty deep topic, but we’ll cover the basics. I’ll split it into two sections, because the two call for quite different ways to prevent data theft.

Local data theft

Local data theft means someone logs into your machine and steals data while physically sitting at your system. You probably have a Windows password on your machine, but did you know that locally it’s very easy to remove that password or bypass it entirely? Here are some more effective ways to prevent someone from gaining access.

1. BIOS password

This is a password that is requested even before Windows begins to load. On laptops especially this can be quite effective in stopping a data theft attempt; on desktops it’s easier to get around. Also, if someone removes the hard drive from the machine, that person may have access to your data. It is always recommended to change your passwords every 6 weeks or less in case a would-be thief figures out what it is.

2. Hard drive encryption

Most modern hard drives support hard drive encryption; whether or not you can implement it depends on your BIOS and computer model. For example, it’s rare to see hard drive encryption on a consumer laptop, but it’s even rarer NOT to see it on a business laptop. This is quite an effective tool: again a password is requested before the operating system boots, and if you don’t know it, the hard drive is useless.

3. Biometrics

Think of things like fingerprint readers, facial recognition, and iris recognition. These have their advantages and disadvantages.

Advantage: they are easy to use and can be an effective deterrent.

Advantage: if they are commercial grade, your data will be encrypted, which is a good thing.

Disadvantage: they often fall back to passwords, so if the thief knows your password, they may choose to use it instead of the biometric features.

Disadvantage: if they do not have backup passwords, then if your biometrics change for any reason, such as a burn or an accident, you can lose your data.

Disadvantage: if they are consumer grade, they just store your password and use biometrics to enter it into Windows and grant access. No encryption.

4. 2 token authentication

This is now commonplace among businesses and is increasingly available to small business or “prosumer” users. Basically, you need two forms of authentication before you’re allowed access. Biometric + password or password + magnetic card, etc.

This is safer again and possibly overkill for the typical home user.

Remote data theft

This is the kingdom of hackers, viruses, and the occasional disgruntled employee. This is one of the most likely ways your data will be stolen or erased. If you don’t have security hardware and software on your network, you’re leaving your machine exposed to the elements. The idea here is to prevent them from getting in in the first place.

We did an experiment with a vanilla XP system with no firewall or internet security. It lasted for about 4 minutes and then it wouldn’t boot, so much so that we had to wipe it and start over.

Here are some steps you can take to make your online experience more secure.

1. Updates

No software is perfect, and as people discover loopholes, backdoors, exploits, and other ways to hack into a network, the software vendor fixes them. Tuesday is patch day for Windows, so by Wednesday you can be sure you have updates to download. If you don’t update, you leave your system and your data open for the taking.

2. Internet security software

Isn’t a free antivirus enough? I get asked this all the time. The truth is that it really depends on a number of factors, but the general answer is NO. A free antivirus is the most basic product a company can offer. All of those companies have paid offerings that are much more comprehensive and do much more. Usually a free offering will only scan files; a paid offering will do things like:

Heuristic analysis – They look for infection patterns or symptoms rather than simply matching a virus to a definition.

Email scanning – They will instantly spot an email with a dubious attachment or a phishing email trying to get your details.

Web scanning – They will alert you to any questionable websites that have been linked to fraud or other illegal activities.

Firewall – They will have a full-featured software firewall that will deflect attacks.

It pays to upgrade your security software to a complete package. Go with the brands; my favorite is Kaspersky Internet Security.

3. Hardware firewalls

Windows and security software will provide a software firewall, but if your machine is compromised, that software firewall is likely to be compromised too and reconfigured by the virus (or whatever it is) to let in all the nasties, as in a Trojan attack. An essential element of a network is therefore the hardware firewall.

The good news is that if you have a router of any description, it probably has a built-in hardware firewall. Here are some tips on firewalls:

a. Ports – A port allows certain types of traffic, such as mail traffic or website traffic. Only open the ports you need and close all others. If you stop using a port, close it.

b. UPnP – Universal Plug and Play. This can be enabled by default on firewalls and allows a program on your computer to tell the hardware firewall that a port should be open. This can be bad if that program is a virus or trojan. Only have UPnP enabled if you need it. In a business setting you probably wouldn’t.

c. DMZ – If you let something use the DMZ, you’re basically giving it an open window to the outside world: it can send anything out, and the outside can send anything in. Use with extreme caution.

d. SPI – Stateful packet inspection. When considering a firewall, any decent one will have SPI. It checks the packets for any anomalies and is very good at detecting and blocking attacks.

Depending on the size of your organization, you may want to go for a dedicated firewall; however, these typically cost upwards of $1000, so it could be a hefty investment for some.

4. Remote access passwords

You should always protect remote access passwords. If an employee leaves your office, you must immediately change all passwords to which they had access, or they could cause considerable damage, loss or theft of data.

You should always make remote access passwords difficult. Follow these guidelines:

a. Minimum of 8 characters

b. At least 1 capital letter

c. At least 1 number

d. At least 1 special character such as the @ or ? symbol

e. Change them at most every 6 weeks.

This makes it much harder for someone to “crack” your password; hello123 just doesn’t cut it.
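The guidelines above can be enforced in code rather than left to memory. The following is an added example, not part of the original article: it checks a new password against guidelines a to d when it is chosen, and lists accounts whose password is older than the 6 weeks in guideline e. The account names, dates and the choice of ASCII punctuation as "special characters" are assumptions made for the illustration.

```python
from datetime import date, timedelta
import string

MIN_LENGTH = 8                      # guideline a
MAX_AGE = timedelta(weeks=6)        # guideline e
SPECIALS = set(string.punctuation)  # assumption: "special" means ASCII punctuation (includes @ and ?)


def composition_failures(password):
    """Return the guidelines (a-d) that a newly chosen password fails."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("a: fewer than 8 characters")
    if not any(ch.isupper() for ch in password):
        failures.append("b: no capital letter")
    if not any(ch.isdigit() for ch in password):
        failures.append("c: no number")
    if not any(ch in SPECIALS for ch in password):
        failures.append("d: no special character")
    return failures


def overdue_accounts(last_changed, today):
    """Return, sorted, the accounts whose password is more than 6 weeks old.

    Only change dates are needed here, so no password is ever stored in clear.
    """
    return sorted(name for name, changed in last_changed.items()
                  if today - changed > MAX_AGE)


# Constructed sample data: account names and dates are made up.
TODAY = date(2024, 3, 1)
LAST_CHANGED = {
    "vpn-alice": date(2024, 2, 20),  # changed 10 days ago
    "rdp-bob": date(2023, 11, 1),    # changed months ago
    "vpn-carol": date(2024, 1, 19),  # exactly 6 weeks ago: still within the limit
}

if __name__ == "__main__":
    for candidate in ("hello123", "Qu1et?Harbor"):
        print(candidate, "->", composition_failures(candidate) or "meets a-d")
    print("due for a change:", overdue_accounts(LAST_CHANGED, TODAY))
```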

5. OS version

Support for Windows XP, which is now 10 years old, is about to end. Also, newer operating systems like Win 7 and 8 are much better at blocking out unwanted attention and dealing with attacks than previous generations.

If you haven’t updated yet, please do so. You are way behind.
