Top
 

Data Security – It’s Not Always What You Think!

Data Security is the latest buzz word around, moral outrage at its peak over the FaceBook data sharing incident where 87 million records were used by Cambridge Analytica for use in Election campaigns. We pass no moral judgement, so let’s take a step back and have a look in our backyard!

If you consider that your data is yours, then it’s your responsibly to reduce the risk of your data being compromised. The buck stops with you!

Here is our checklist for you to test your own data security standards:

 

Passwords

Passwords are the foundation of data security. Understanding that dumb passwords like “Password, 12345, Your own name” etc are just dumb and can be easily hacked. Use Case sensitive letters and numbers. Pass Phrases are much easier to remember and almost impossible to hack. Here is an example, HSVGTS427Holden. This password if you are a car nit is easy to remember but hard to crack. Or try something like SydneyisGr8today. Easy pass phrases work. We all must have multiple passwords for everything we do.  How do you store them? Well, the piece of paper is not secure, the note in your diary is not secure. Use a professional password system like LastPass

Heard of multi factor or 2 factor authentication? This is an extra layer of protection that once turned on for email and banking etc is added security. Two Factor Authentication, also known as 2FA, two step verification or TFA (as an acronym), is an extra layer of security that is known as “multi factor authentication” that requires not only a password and username but also something that only, and only, that user has on them, i.e. a piece of information only they should know or have immediately to hand – such as a physical token.

Using a username and password together with a piece of information that only the user knows makes it harder for potential intruders to gain access and steal that person’s personal data or identity. You should use this where ever you can.

You can argue that we should not have to go to this effort, but its hard to argue against large companies that secure data in much more robust ways when we don’t do it ourselves.

 

Internet and computer security

The internet is served in your business or home by a Gateway or modem router. These have passwords and they have firewalls. A firewall is like a pegboard – it only lets data through open ports that have been opened by applications. Port 80 is the common one for browsers and internet access. CCTV Systems and remote access tools open more ports. Use this tool on your own IP address to see what ports are open on your gateway: https://mxtoolbox.com/portscan.aspx/

Only have the ports open that are needed. Ask a IT pro to help you with this if you are not sure.

Does your computer start up without a password? What if someone steals it? What if you walk away from your screen and someone accesses your computer? Your computer should have a password. CTR +L will lock your Windows 10 screen. Basic security.

 

Websites and Social Media

When you visit a new website, more than likely you will have a log on or need to create an account. If you have followed our tips, you will have a strong email password. If, in the example below, you log in with Google rather than your own email address, you are agreeing to share certain data with the website and the tool you are using to authenticate your log in with.

Data sharing is here to stay and for the most part it has delivered convenience. We all struggle remembering passwords and it’s an effortless way to log on using your FaceBook or Google account. Every time you to this you are sharing data.  Overall, data sharing can work to target information in a way that benefits you. When you see targeted content, mainly ads this is because data sharing has served ads that meet your interest. Right or wrong its not going to go away.

Review what you post on Social Media. Understand that when you post, many will see what you have posted, and they can share that content. If you don’t want stuff to be shared, don’t post it.

 

Office and Vehicle security

It’s dumb to think that all data is online. In the old days of paper, sensitive information was printed. If you have documents, then they should be behind lock and key. And put the key in a safe place and that’s not in the top draw.

Recently, a Canadian business had one of their employees with boxes of company documents inside their car stolen. The documents were not recovered. Equally if you are running a business, you cannot afford to lose your customer records. Keeping documents backed up by scanning them and storing them online is the best way to protect yourself from disaster. Dropbox is a good example of a tool to store records.

Disasters like fire and flood can strike at any time. Could you recover if your office was burned to the ground or flooded?

Do you leave your office unattended? Then you are asking for data loss if someone accesses your office if you are not around. Lock your door and log off your computer and lock your records up.

 

Credit Cards, Online Transactions and bogus emails

We all use Credit Cards. Do you secure your PIN number? Do you change it regularly? If you use your credit card to pay online, check that the site is secure. The web address of the page for payments should start with www.https:// if it does not, then don’t use the site. Your transaction cannot be secure.

Web companies work hard to secure credit card transactions. Change your PIN regularly will help the fight against identity theft.

Every day many receive dumb emails asking for credit cards, email verification and much more. Often these emails entice you to click on a link. Don’t do it. Ignore them and delete them. The businesses that you use all have communication policies, including government, so if you’re not sure contact them.

 

Conclusion

Data security starts with you. It is easy to criticise others, we see it every day, “XYZ Corporation accused of data breach” and we all ask – “how could this happen?” for them, their data breaches are never intentional; they are always a breakdown of a system that was in place.

How about your systems? Have you got your passwords sorted? Have you got a system in place? Do you even take data security seriously?

Having a personal data security policy is a clever idea. That way your data has the best chance of being protected.