The security of your data on the internet is of concern at various levels. We live in an interconnected world, the economies that we operate within depend upon the security of information, and the technology that supports your security is part of a bigger picture. The internet supports trillions of transactions and the global economy is dependent upon the security of the information on it. Can you imagine a row of clerks in a bank with sleeves rolled up manually writing up corporate cashbooks? The reality is that we have moved forward; jobs and business processes have changed. With the change have come creative new ways to build businesses, and the technology that underpins that success is at risk, as were the foundations of every economy that went before, because there are those with criminal intent who seek to hack, defraud, destroy or disrupt nations, companies and individuals. Unfortunately cybercrime has become a "team sport" and is not only conducted with fraudulent intent.
The bottom line is that if content is highly secret, then you need to keep it in a bunker and not on the internet. For other sensitive information, you need to assess the relative sensitivity of the content and the impact of the risk. There is much that can be done at various levels. For many, the likelihood of data loss is higher at preventable levels of data security.
Sound security practices can go a long way to protect customer data and strategic business process competitiveness. Close your eyes and imagine the lie of your golf ball on the fairway with a monkey scratching himself right next to it. Will he take the ball, and what could you have done to prevent this risk? The likelihood of loss is high; however, the impact of the loss is low provided that you do not let it get to you!
What can be done?
Content Security on Portable Devices
Board and meeting packs have always been a weak link in that the chain of custody is often broken. Have your meeting papers remained in your possession in a secure location? You know that many lever arch files of sensitive information find their way to bins and public disposal sites. In short, the whole exercise of building the paper mountain and then shredding it, all too often, becomes a nightmare. Shortcuts are taken, and sensitive information is at risk.
Compare this scenario with password protected documentation on an iPad where data transfer is encrypted at the highest level. Are you likely to leave your iPad unattended in an insecure area? Will you write your password on the back of the iPad?
Ask yourself: is my iPad, phone or laptop more secure than a lever arch file? Your day-to-day diligence in maintaining custody of your phone or tablet is likely to be higher than that for a pile of lever arch files.
Content security will be greatly enhanced by ensuring that staff understand the impact that the loss of data would have. You can audit the access controls to ensure that available mechanisms such as password or biometric access controls are in place. In addition, laptops can be secured to desks with cable locks.
While laptops, phones and tablets enjoy a relatively high level of importance to their owners, they do get lost or stolen. When this happens, access controls become important. The level of understanding on this matter tends to be higher than for physical storage media such as hard drives and USB flash drives. The latter tend to get lost more often and they tend to be set up with fewer access controls. You can purchase flash drives with physical combination locks on them, and you can secure data on portable devices with a variety of software dedicated to this purpose, including:
- Locking files, folders & drives with the strongest 256-bit AES algorithm encryption.
- Password locking your USB drives and CDs.
- Maintaining log files to see if anyone has tried to access your files with a wrong password.
- Secure deletion to ensure that deleted files cannot be recovered.
Content Security on Table Top Devices
Again, access controls can be considered, and cables and locks can be used to secure PCs to desks. After-hours building access and exit security can be assessed.
Data transfer from our servers in the USA is encrypted to the highest level available. Encryption from your servers is an option open to assessment.
Everyday Hacking and Malware
E-mail viruses and a variety of worms will compromise your systems, which can be infected by data transfers from others. Entry-level protection is available at free to affordable rates and needs to be considered.
Accidents and Disasters
What if your laptop is destroyed in a car accident, lost in a flood or fire, or you accidentally delete files? Whilst these eventualities are not malicious, they have the same consequence. Again, likelihood and impact need to be considered in assessing the level of protection you need.
Do you need to maintain all data in a cloud with nothing on your device? Will weekly off site backups reduce the risk and impact of loss to acceptable levels?
Having secure backups is one solution to data loss. If backups are to be executed manually, then staff need to be educated as to the importance of making backups, and feedback checks can be considered to ensure that it is done.
Strong passwords have the following characteristics:
• Have at least eight characters.
• Do not contain your user name, real name, ID number, company name, or a complete dictionary word.
• Contain upper and lower case letters, numbers, and symbols (!, @, #, $, %, etc.).
• Are not used for multiple accounts or computers.
• Keep passwords and PINs secret. Don’t disclose them to family, friends and colleagues.
• Change your passwords at regular intervals, such as every 90 days.
• Set your computer to hibernate or go into sleep mode, requiring a password to unlock it, when you step away for more than a few minutes.
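The characteristics above that can be checked mechanically (length, character mix, personal details, dictionary words) are shown here as an added example, not code from this page or its product. The function name, the short word list and the sample personal details are constructed for illustration; rules about reuse, secrecy and rotation cannot be tested from the password alone.

```python
import re

# Constructed stand-in word list; a real check would load a full dictionary.
SAMPLE_WORDS = {"password", "welcome", "dragon", "summer", "monkey", "secret"}

# The four character classes the page asks for.
CHAR_CLASSES = {
    "upper case letter": r"[A-Z]",
    "lower case letter": r"[a-z]",
    "number": r"[0-9]",
    "symbol": r"[^A-Za-z0-9\s]",
}


def password_problems(password, personal_terms=(), words=SAMPLE_WORDS):
    """Return the rules from the list above that `password` breaks (empty = passes)."""
    problems = []
    lowered = password.lower()

    if len(password) < 8:
        problems.append("shorter than eight characters")

    for label, pattern in CHAR_CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"no {label}")

    # User name, real name, ID number, company name: split multi-word terms so
    # that each part of "Jane Smith" is checked; ignore very short fragments.
    parts = {p for term in personal_terms for p in term.lower().split() if len(p) >= 3}
    for part in sorted(parts):
        if part in lowered:
            problems.append(f"contains personal detail '{part}'")

    # Complete dictionary word anywhere in the password, case-insensitive.
    for word in sorted(words):
        if len(word) >= 4 and word in lowered:
            problems.append(f"contains dictionary word '{word}'")

    return problems


if __name__ == "__main__":
    person = ["jsmith", "Jane Smith", "Acme Ltd"]  # constructed sample details
    for candidate in ("acme2024", "Summer2024!", "kT7#vq9!Lp"):
        print(candidate, "->", password_problems(candidate, person) or "passes")
```
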
Sending files over the internet in original format, such as Word, Excel, PowerPoint, Pages, Numbers, Keynote etc., means that if they end up in the hands of others, either directly or indirectly from the person that you sent them to, they can easily be altered to misrepresent the contents that you supplied.
The MEETING PACK COMMUNICATOR can link to an Independent Webpage where a schedule of documents is presented for download by way of hyperlinks. The data transfers to recipients will be encrypted, but once received, documents in original format can easily be changed. Perhaps this is what is intended where one seeks work to be done on the document. Where the integrity of the document needs to be protected, a level of comfort can be obtained from sending it as a PDF document.
This, however, does not mean that it cannot be altered; if the recipient has Acrobat or Photoshop, as an example, this can easily be done. Loading the document to one of our content managers means that it will be opened online and the document will not have been transferred to the recipient. It can also be put behind a password. The latter two options add to the level of security around the integrity of the document; however, it remains open to abuse. Schedules, for instance, can be copied from the screen for pasting into Excel.
When you send e-mail it is equivalent to unregistered mail. "You lick the stamp and hope!" Registered mail means that you are notified of receipt. This is a mail setting that should be encouraged. An alternative is to have the recipient "collect" the files and to register the fact that they were downloaded. This is an option in the MEETING COMMUNICATOR in the video and PDF downloader. You can require that the recipient must log in to download the document and you can maintain an audit trail of who downloaded what and when.
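A register of this kind can be sketched as follows. This is an added example, not the MEETING COMMUNICATOR's implementation: the class and method names are hypothetical, and storing a SHA-256 digest of each issued file is an assumption added here so that a copy which later resurfaces can be compared with what was actually issued.

```python
import hashlib
from datetime import datetime, timezone


class DownloadRegister:
    """Records who collected which document, when, and a digest of what they got."""

    def __init__(self):
        self.entries = []

    def record(self, user, document, content, when=None):
        # Only a logged-in (named) recipient may collect a document.
        if not user:
            raise PermissionError("login required to download")
        entry = {
            "user": user,
            "document": document,
            "when": (when or datetime.now(timezone.utc)).isoformat(),
            "sha256": hashlib.sha256(content).hexdigest(),
        }
        self.entries.append(entry)
        return entry

    def who_has(self, document):
        """Everyone recorded as having collected `document`."""
        return sorted({e["user"] for e in self.entries if e["document"] == document})

    def matches_issued(self, document, content):
        """True if `content` is byte-for-byte a version that was issued."""
        digest = hashlib.sha256(content).hexdigest()
        return any(
            e["document"] == document and e["sha256"] == digest
            for e in self.entries
        )


if __name__ == "__main__":
    # Constructed sample data standing in for a real board pack.
    issued = b"%PDF-1.7 board pack: dividend 12c per share"
    altered = b"%PDF-1.7 board pack: dividend 21c per share"
    register = DownloadRegister()
    register.record("director.a", "board-pack.pdf", issued)
    register.record("director.b", "board-pack.pdf", issued)
    print(register.who_has("board-pack.pdf"))
    print(register.matches_issued("board-pack.pdf", issued))   # unchanged copy
    print(register.matches_issued("board-pack.pdf", altered))  # edited after download
```

The digest does not stop a recipient from editing a downloaded PDF; it only lets the sender show that an edited copy differs from what the register says was issued.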
Prevention is Better than a Cure
The adage holds good. It is easier to be prepared for what is likely than it is to fix the consequences. Understanding frequently encountered phishing and other scams, malicious e-mail spam, accessing public wi-fi and paying attention to the spelling of service providers' names is important. Malicious attacks are often mounted from vendors named similarly to those that you may use.
Level One Strategy
Your assessment of likelihood and impact will dictate, but where information is sensitive you should, as a minimum:
- Ensure that data traffic to and from your computers is encrypted
- Back up regularly
- Use, change and secure passwords
- Maintain custody of portable hardware devices such as laptops, flash drives and handsets.
- Keep data off locally held hardware and secure access to offsite data.
- Unless documents need to be worked on, provide read-only access to off-site webpages and do not send original copies.
- Maintain a register of document downloads so that you know who has what and when it was "collected."
We offer the above for your consideration but cannot suggest that the suggestions are complete nor that they will be effective in the face of a threat that you may face.