Tips to protect your data and online security
December 28, 2016
By Bob Fink
Partner, Information Technology
With the ever-increasing reliance on electronic records and online systems, we want to provide a reminder about safeguarding your documents and accounts. As with all of your sensitive physical or electronic documents, proper safety and security precautions must be taken when considering how and where to store your information. In the past, a fire-proof safe or a lock box was relied upon for protecting our most sensitive documents. Today, that same level of concern needs to be applied when determining how to store electronic documents. Too often the process of safeguarding documents, data and our online accounts does not bubble up to the top of the priority list.
Below are several rules to follow that will provide a solid starting point.
Rule #1: Backups
Having a solid backup strategy is essential for recovery from small and large disasters. From something minor such as a laptop or desktop failing, to something a little larger like a server failure, a strong backup strategy is essential.
There is a time-tested 3-2-1 rule for businesses to ensure proper backup, which covers many disaster scenarios: three copies of the data, two different formats or mediums, and one copy offsite. While you may choose not to enact the 3-2-1 rule for your personal documents, please keep in mind the reasoning behind the rule when thinking about how you protect your information.
3 – Ensure you have more than one backup copy of your data. Many simple backup programs basically mirror what is saved in a folder to an external hard drive or online service. An accidental deletion may automatically carry over and be deleted from both locations. Having backups with different points in time from which to recover is essential.
2 – Different formats or mediums provide a second copy of the documents. Doing so further reduces the chance of losing all data at the same time. A good example for personal storage is a flash drive that is only plugged in to manually create a copy or backup of your files. Once completed, be sure to unplug it and store it in a safe place such as a fire-proof safe.
1 – Keep an offsite copy of the data. If you are the victim of a fire, flood or some other disaster, the chance that you will regain access to your data that was onsite could be slim. Using a remote location or an online backup provider as a remote site are effective solutions. As with any vendor you choose, make sure to select a reputable option. Selecting the cheap, new, online option may not be a good long-term decision. If you are choosing to back up your data over the internet, ensure the backups are encrypted. This step usually ensures steps three and two are covered. This will give you the additional third copy of your data as well as your second format or medium.
Rule #2: Test Your Backups
The immediate next step after implementing a backup strategy is to test the system put in place. Too often we hear of businesses that have never tested their backups and only find out they were not working when they are unable to recover from situations such as ransomware. Testing should happen on a periodic basis to ensure you can recover when it matters most.
Rule #3: Encryption
Most documents or files that you have are likely not sensitive enough to need an encrypted layer of security. However, there are some documents, such as tax returns or business documents, that are highly valued and should be protected with encryption. Many common document types can now be encrypted with a password in the programs you are already using. For example, PDFs can be encrypted by Adobe Acrobat, while Word and Excel files can be encrypted within Microsoft Office. Be sure to use versions from 2010 or newer for higher encryption standards. Another easy and economical option is a flash drive that provides encryption. Options include Kingston’s DataTraveler Locker and the many SanDisk flash drives that offer free SecureAccess software to encrypt the drive.
For businesses where more of the data may be sensitive, it may be necessary to encrypt the entire computer’s contents. This is becoming easier to accomplish especially with newer versions of Windows such as Windows 10.
Rule #4: Passwords and Two-Factor Authentication
Nearly everything, from the login to your computer to online sites such as your email or bank websites, requires a username and password. The strength of the passwords we create needs to be improved. Below are some quick tips to help create and maintain strong passwords:
- Use at least 10 characters including upper and lower case letters, numbers, and symbols.
- Use passphrases to increase complexity while making it easier to remember.
  Ex: “HK is the greatest firm!” is much better than “Accounting1!”
- Use different passwords for different sites. If one site is breached, you do not want to provide a hacker with your passwords to all the sites you use.
- Do not use commonly found information about you in your password.
- Remember to change your passwords often. A website being breached with your login and password from 2013 should not match your current password today.
Many sites now offer two-factor authentication as an additional layer of protection for your accounts. This is most often done by sending you a text message with a six-digit code for you to enter at login after you enter your password. This ensures that if your password is stolen, it would be much harder for a hacker to complete the login, as it is nearly impossible for them to receive your text messages. Many sites such as Gmail, Outlook, Yahoo and Facebook have two-factor authentication available. Some sites have apps that make the process even easier than entering the code received via text.
Rule #5: Safe Use of Email and Websites
The tactics of online criminals continue to increase, especially in email. The rise of ransomware continues, with some reports stating 93% of malicious emails contain ransomware. The top three ways to get a virus continue to be email links, email attachments or browsing websites. Below are some tips for staying safe online.
- Never click on links or attachments in emails from unknown sources.
- Email received from someone you know needs to be scrutinized. If the email seems even slightly out of place, contact the person via phone to confirm it is a legitimate email.
- Vague requests, like “Please view the attached document” or “Forgot to send this file to you before” with a link, should be analyzed.
- Be aware of targeted emails tailored from public information about you on Facebook, LinkedIn or your company’s website. Many wire transfer and W-2 information requests are carried out via this method.
- Observe and ensure email addresses are correct. Missing a small variation such as @homkamp.com, @honnkamp.com or @honkamp.co in the email address could be the difference between replying to someone you know or replying to someone you do not.
- Practice safe website habits.
  - Avoid questionable websites.
  - Do not click on pop-ups that appear on sites.
  - Verify images and links sent to you through social media as they can contain viruses.
  - Ensure sites that you log into, such as your bank or email, begin with “https://”.
    - The ‘s’ ensures the data is encrypted.
- Keep systems and software up to date.
  - Make sure your computer’s operating system and software have the latest updates installed.
  - Software such as Microsoft Office, Adobe Acrobat and Reader, Flash, and Java are commonly targeted with malicious attachments from websites.
Rule #6: Remove Local Admin Rights
Removing local administrator rights is possibly the biggest but sometimes the hardest security change to implement. Many companies have found it difficult to transition because of the emotional or political issues associated with removing the ability to make changes to the computer. Providing admin rights can lead to someone downloading new programs, running any program, or circumventing security measures put in place. New programs available for download could easily have a virus hidden within and quickly cause great harm.
When considering personal computers and admin rights, there are still measures that can be put in place. When there are multiple users of the same computer, such as children, it is fairly easy to create user accounts for each person. These additional accounts could be created without admin rights. If something new needs to be installed, the person with the administrator login can log in and make the change for them.
Once the hurdle of implementing regular accounts without admin rights is tackled, the computer is put in a much better position to fend off common malware. Often, once the emotional issues are put aside and the facts are considered, this becomes an easy security measure to put in place.
For more information or assistance, call 888-556-0123, email firstname.lastname@example.org or submit our online form.