Data Security – Part 2 Data Theft


This is quite a deep topic, but we will cover the basics. I will break it into two sections, as the two call for quite different ways of preventing data theft.

Local data theft

Local data theft is when someone physically sitting at your machine logs in and steals data. You probably have a Windows password on your machine, but did you know that locally it’s very easy to remove that password or bypass it altogether? Here are some more effective ways to prevent someone from gaining access.

1. BIOS password

This is a password that is presented even before Windows starts to load. Especially on laptops this can be quite effective in stopping a data theft attempt; on desktops it’s easier to get around. Also, if the hard drive is removed from the machine, the person may still have access to your data. It is always recommended to change passwords every 6 weeks or less in case a would-be thief figures out what it is.

2. Hard drive encryption

Most modern hard drives support hard drive encryption; whether or not you can implement it depends on your BIOS and computer model. For example, it is rare to see hard drive encryption on a consumer laptop, but it’s even rarer NOT to see it on a business laptop. This is quite an effective tool: again, a password is presented before the operating system starts, and if you don’t know it, the hard drive is useless.

3. Biometrics

Think of things like fingerprint readers, facial recognition, and iris recognition. These have their advantages and disadvantages.

Plus: they are easy to use and can be an effective deterrent.

Plus: if they are commercial grade, your data will be encrypted, which is a good thing.

Minus: they usually fall back to passwords, so if the thief knows your password, they can choose to use it instead of the biometric features.

Minus: if they don’t have a password fallback, then if your biometrics change for any reason, such as a burn or an accident, you can lose your data.

Minus: if they are consumer grade, they just store your password and use biometrics to enter it into Windows and grant access. No encryption.

4. 2 token authentication

This is now commonplace among businesses and is becoming more available to small businesses or “prosumer” users. Basically you need two forms of authentication before you are allowed access. Biometric + password or password + magnetic card, etc.

This is safer again and possibly overkill for the typical home user.

Remote data theft

This is the realm of hackers, viruses, and the occasional disgruntled employee. This is one of the most likely ways your data will be stolen or deleted. If you don’t have security hardware and software on your network, you’ll leave your machine open to the wild. The idea here is to prevent them from getting in in the first place.

We did an experiment with a vanilla XP system with no firewall or internet security. It lasted about 4 minutes and then it didn’t boot, so much so that we had to delete it and start over.

Here are some steps you can take to make your online experience more secure.

1. Updates

No software is perfect, and as people discover loopholes, backdoors, exploits, and other ways to hack into a network, the software vendor fixes them too. Tuesday is Windows Patch Day, so on Wednesday you can be sure you have updates to download. If you don’t update, it will leave your system and your data open for collection.

2. Internet security software

Isn’t a free antivirus enough? I get asked this all the time. The truth is that it would really depend on a number of factors, but the general answer is NO. The free antivirus is the most basic product that any company can offer. All of those companies have paid offerings that are much more comprehensive and do much more. Usually a free offering will only scan files; a paid offering will do things like:

Heuristic analysis – where they look for patterns of infection or symptoms rather than simply matching a virus to a definition.

Email scan – they will instantly spot an email with a dubious attachment or a phishing email trying to get your data.

Web Scan – They will warn you of any questionable websites that have been linked to fraud or other illegal activities

Firewalls: They will have a full-featured software firewall that will deflect attacks.

It’s worth upgrading your security software to a full suite. Go with the brands; my favorite is Kaspersky Internet Security.

3. Hardware firewalls

Windows and security software will provide a software firewall, but if your machine is compromised, chances are that the software firewall has been compromised too and configured by the virus or whatever to let in all the nasty stuff (like in a Trojan horse attack). Therefore, an essential element of a network is the hardware firewall.

The good news is that if you have a router of any description, it probably has a built-in hardware firewall. Here are some tips on firewalls:

a. Ports – a port allows certain types of traffic, such as mail traffic or website traffic. Only open the ports you need and close all others. If you stop using a port, close it.

b. UPnP – Universal Plug and Play. This can be turned on by default in firewalls and allows a program on your computer to tell the hardware firewall that a port should be open. This can be bad if that program is a virus or Trojan. Only have UPnP turned on if you need it. In a business setting you probably wouldn’t.

c. DMZ – Demilitarized zone. If you let something use this, you’re basically giving it an open window to the outside world, where it can send anything out and the outside can send anything in. Use with extreme caution.

d. SPI – Stateful packet inspection. When considering a firewall, any decent one will have SPI, it checks packets for any anomalies and is very good at detecting and blocking attacks.

Depending on the size of your organization, you may want to go for a dedicated firewall, however these typically cost upwards of $1000 so could be a hefty investment for some.
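To act on tip (a), it helps to know which ports a machine is actually offering to the network. The following is an added example, not part of the original article: it parses Windows `netstat -ano` output and reports listening ports that are not on an allowlist. The sample output is constructed, and the allowlist (Remote Desktop only) is an assumed policy.

```python
import ipaddress

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1120
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2044
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     3312
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:1900           *:*                                    1500
"""

# Assumed policy for this example: the machine should only offer Remote Desktop.
ALLOWED = {("TCP", 3389)}

def split_endpoint(endpoint):
    """Split '0.0.0.0:135' or '[::]:445' into (address, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)

def listening_sockets(netstat_text):
    """Yield (proto, address, port, pid) for TCP listeners and bound UDP sockets."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        # TCP rows carry a state column; UDP rows do not.
        if fields[0] == "TCP" and fields[3] != "LISTENING":
            continue
        host, port = split_endpoint(fields[1])
        yield fields[0], host, port, int(fields[-1])

def audit(netstat_text, allowed):
    """Return sorted (proto, port, pid) for network-reachable ports not allowed."""
    findings = set()
    for proto, host, port, pid in listening_sockets(netstat_text):
        if ipaddress.ip_address(host.split("%")[0]).is_loopback:
            continue  # reachable only from the machine itself
        if (proto, port) not in allowed:
            findings.add((proto, port, pid))  # set merges IPv4/IPv6 duplicates
    return sorted(findings)

if __name__ == "__main__":
    for proto, port, pid in audit(SAMPLE_NETSTAT, ALLOWED):
        print(f"{proto} port {port} is listening (PID {pid}) but is not on the allowlist")
```

In the sample, UDP port 1900 is the discovery port used by UPnP, so a finding there is a prompt to check tip (b) as well.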

4. Remote access passwords

You should always protect remote access passwords. If an employee leaves, all passwords he had access to must be changed immediately, or he could cause significant damage, data loss or theft.

You should always make remote access passwords difficult. Follow these guidelines:

a. Minimum of 8 characters

b. At least 1 uppercase letter

c. At least 1 number

d. At least 1 special character like the @ or ? symbol

e. Change them every 6 weeks or less.

This makes it much harder for someone to “crack” your password, hello123 just isn’t good enough.

5. OS version

Support for Windows XP, now 10 years old, is about to end. Also, newer operating systems like Win 7 and 8 are much better at blocking unwanted attention and dealing with attacks than previous generations.

If you haven’t upgraded yet, please do so. You are very late.
