One of my mantras is Security, Security, Security!
Recent events have reinforced the need to return to this very important subject related to IT and computer systems. There is no one I know who does not have some form of security on his or her property. It does not matter whether they live in a 6-figure sum house or in rented accommodation. Measures may range from a single lock to very sophisticated alarm and surveillance systems, but the point is they all have some form of security.
The same should be true of our computer systems. It does not matter if your system is connected with National Security or stands alone in your house; if it contains data that is sensitive to you, you should take steps to protect it.
In this article I will go through some of the steps that you can put into action to make sure that life for the would-be thief is made difficult.
When it comes to the world of IT security, it is easy to overlook the obvious. When I was at school one of the ‘catch you out’ questions went like this:
“If red houses are made out of red bricks and yellow houses are made out of yellow bricks, what are green houses made of?”
The logical answer is, of course, green bricks, but the correct answer is glass. The question is posed in such a way as to lead you down a certain way of thinking. When it comes to IT, for some reason we think of complex ways to set up security when some simple practical measures may be all that's needed.
Lock It Away
If you have a notebook, make sure that you lock it away when not in use or away from your desk overnight. Although this may be inconvenient for desktops, it is still an option. I know of at least one large bank that puts all its desktop PCs into a strong room at night. It may be tedious, but it is very effective.
Bolt It Down
If your computer is a server, then shutting it down and putting it away may not be an option. In that case, consider bolting it down. You can buy security cages that bolt to the floor and would take far too long for the opportunist thief to cut through and steal.
Many proper servers come with a lockable front panel, which prevents the computer from being opened and/or the drives removed. Why not make use of this simple deterrent?
Monitor Sensitive Systems
If you are a business, then for relatively little money it is easy to set up surveillance. All that you need is a security camera (costs start lower than 200 pounds) connected to a basic computer. These systems not only record events but can also send images to offsite computers or even send alerts to your mobile phone. You can log into the camera from remote sites using the Internet; this is particularly useful if the alarm system goes off and you want to check your premises immediately.
You would be amazed at how many systems and sensitive documents have no password security. There are at least 4 important things about using passwords.
- Use strong passwords
A strong password has the following characteristics:
Mixture of upper/lower case letters
Includes characters like @&%
At least 8 characters in length.
If your passwords do not contain the above, then your system may have the security equivalent of a rusty bolt with some of the screws loose!
- Do not use one password for everything
- Change passwords regularly
Some servers can be set to force regular password changes every month or whatever time scale you choose. The system can also prevent a password from being re-used within a set number of cycles.
- Never use sensitive passwords on an unknown system
This is a no-question policy of sound advice. Break it at your peril. You have been warned. To do so is like leaving a full set of labelled keys in a public place. There are a number of software products readily available on the market that keep a logging history of all keys pressed on a keyboard. Some even detect mouse click selections. If you have to use a password (maybe in a life or death situation) on an unknown system, change your password as soon as you can from a known secure system.
- Write down your passwords!
Yes, I know many of you will have read that twice and wonder if I have lost the plot. The advice from any bank or agency is never to write down your password anywhere. Actually, I agree. You should never write down your password in a form anyone can recognise. But with so many passwords we need to remember, is it any wonder that people use the same password over and over again? What I do is write down my password in an encrypted way that I can understand but no one else would have any idea what the numbers mean. Most, if not all, credit cards work with a 4-digit PIN number. What you can do is write them down in the wrong order and add 1 or 2 more numbers in the same place each time, or always add the same number more to the original numbers. Also, I never write down my passwords or PIN numbers alongside the source, e.g. I do not write down the name of the bank with the number next to it. I devised a system for naming the bank account and the password. If someone found my list they would never know the significance of the information and would more likely than not discard it.
One problem uniquely associated with IT theft is that the thief does not have to break into your property to gain access to your system or sensitive data. Thanks to the Internet the thief can be on the other side of the world, sitting drinking coffee while he is stealing from you.
All businesses should have a good firewall, full stop! Good routers come with built-in firewalls of various quality. From behind these firewalled routers, a would-be thief gets no reply when he/she tries to ‘ping’ your IP address to find out if there is a computer at the other end. Don’t worry about the technical terms; firewalls simply make your computer invisible to the outside world.
Prohibit/prevent use of file transfer and chat programmes
If you are a business, your router or third-party software can prohibit access to chat programmes and to file transfer programmes commonly used to download music. These programmes can act as gateways through your firewall security.
If you are a home or business user, you should consider using one of the many third-party software products commonly known as Internet Security Packages. I suggest one that marks websites that are safe to search.
Protecting Mobile Devices
Many businesses have personnel who use mobile devices that contain up-to-date data, usually emails, diary and reminder events. Most of these devices synchronise with the main server in the office. These devices are easily prone to theft. What many users may not know is that they can be remotely wiped of any sensitive data no matter where the device is in the world.
In protecting your property it is common to insure against fire, theft and accidental damage. No talk about security would be complete without mentioning backups, the equivalent of accidental damage. Here, I would just like to mention one method of backup that I am being asked about more and more these days – offsite backup.
A lot of third-party groups are now offering offsite backups. Options are available for the home and business user. There are certainly some good points in favour of this option, but there are limitations that I would like to draw your attention to:
Should not be considered as the total answer
It is uncommon that one solution fits all needs. For example, what happens if your broadband connection goes down?
Naturally, as a service that is being offered there is a cost involved. Vendors of these services charge on the basis of how much data is stored offsite. The costs range widely. As a believer in ‘you get what you pay for’ you need to investigate each offer carefully.
Data Transfer rates and amounts
You have to take into account how much data you need to back up. Remember that offsite backup times will depend on how fast your broadband connection is (if you do not have broadband this option is a non-starter). Most systems work on the basis that the first backup moves all the files – which can take days – and only incremental backups are done thereafter.
If your service provider contract limits the amount of data you can transfer, you need to make sure you do not run into the problem of excess charges.
Generally, you can’t beat doing a full backup and storing the tapes offsite yourself. I view this as a good option for small but very important files, as a tool in the weapons arsenal.
If you would like help or advice on any of the issues raised in this article please visit my website at http://www.b-d-p.co.uk