JavaScript must be turned on in order for this site to display properly.

Information Security

Information Security

With more and more of us taking highly confidential work home to process either on a laptop or a home computer, it has become vital to consider whether you are adequately protecting that information.

We have seen cases that when confidential data was compromised that the weak link was that work was being done at home. Here are some ways to handle confidential work papers and computer files that will frustrate the hackers, crackers and cyber-spies . . .

Use protective programs to secure your computer

Using a combination of readily available programs, often sold as a bundle, or a package, you can minimize your risk of becoming a victim of online crime. Here are some of the most important:

  • Antivirus
    An antivirus program is a necessity. The most popular commercial programs come from Norton, McAfee and Kaspersky. There are some other good free programs such as Avast, AVG and MalwareBytes.
  • Firewall
    If your home computers are not behind a wireless router, an application firewall is a must. A firewall filters the traffic between your computer and the Internet. Windows Vista on up on a PC all come with firewalls turned on by default. Mac OS comes with a firewall, it is not necessarily enabled by default.

    Popular commercial and free security suite programs also have firewalls within their programs. Check the documentation within any of these application security suites to see if it is most advantageous to use the security suite or Windows/Mac OS firewall.

  • Anti-Spyware
    An anti-spyware program can scan your computer for known spyware applications and remove them. Some of the most popular are also from Norton, Kaspersky and McAfee. Most commercial products offer both antivirus/anti-spyware all built into one security application.

Get a good shredder

By good we mean one that produces confetti, not long strips of paper. The problem with strip shredders is that the documents can be reconstructed, and the basket fills up very quickly. With a crosscut shredder, the capacity of the basket is greater, and the ability to reconstruct is greatly reduced. Shredders that will do a great job are now priced at $50 and under.

By the way, since many municipalities now require recycling of paper, it makes it easier for someone to grab your waste paper without having to sort it from your other garbage. Not only should you be shredding confidential drafts and other work related material, but in light of identity theft, consider shredding things like credit card solicitations, and similar materials.

Make sure your firewall is on

What is a firewall? A firewall is a software program that screens out hackers, viruses and malware that attempt to reach your computer.

Cable lines often have a fixed IP address that can make you very vulnerable to having someone access everything on your computer remotely, without you ever knowing about it if you are on a network. The settings on most of our computers permit what is called file sharing. No problem if your computer is not connected to the Internet, but when it is connected with a fixed IP address, it is possible for a person to hook up to your machine through that cable line, and to read and copy everything on your PC.

An outsider can also load programs onto your machine (for example, a program designed to attack other computers in a distributed denial or service attack). To prevent this, you can use a firewall.

Windows systems (Vista on up to present Windows operating systems) and Mac OS systems all come with firewalls that may or not be enabled by default. Make sure that your firewall is turned on to protect your computer.

Also, all popular security suites, both commercial and free, have built in firewallls. Popular home security suites come from Norton, Kaspersky and McAfee.

In addition, the addition of a cable/DSL router will enhance protection.

Beware: standard email is not secure

Confidential files sent by standard email can be intercepted. The most likely points of interception are nearest to the source of destination points. Also remember that copies are easy to make. You may want to consider ways to send confidential material that is more secure than standard email.

For example, simple file compression programs like WinZip give you the option of creating a password protected, file in the form called a self-extracting archive. You tell the software the files you want to send, and it converts them into an executable file (a program) that you send as an attachment to a regular email.

When the recipient gets the attachment, they run it, and are asked to put in a password. You give them the password independent of the email (e.g. face-to-face, by phone, fax or some other means). They enter the password, and the files are decrypted, expanded to full size, and placed whenever the recipient wants to store them.

The advantage of this is that the recipient does not need specialized software. More secure solutions usually require the sender and recipient to share software and digital encryption keys. One solution using this approach is free to individual users (not to organizations) using a program called Pretty Good Privacy (PGP) to protect your sensitive information.

Know the weakness in the security systems of popular software packages

If you use software like Word, Excel, etc. you probably know that you can password-protect a file. But you should know that there are various software packages that can break that encryption, sometimes in seconds.

Even where the latest versions of these packages are used, hackers can routinely break passwords in a matter of hours or days by using a parallel processing system. With up to 100 PCs working on the problem (many in their spare time at night, or when the user is not running program) hackers can test millions of code combinations every second, and it's only a matter of time until they get the right code.

The problem is that these packages use very simple encryption algorithms with limited key lengths. (It is no longer a big problem with checking just over one trillion keys.) The moral of the story is this: don't trust that the encryption in your word processor or spreadsheet is going to give you world-class protection.

Don't download content you aren't certain is safe

Aside from viruses, you could find yourself with software that does things you don't know about, like reporting to an outsider what you are doing, or transferring files, or something else you wouldn't approve of.

Never open attachments in emails from a source that you are not sure of, for in doing so you might download malware to your computer. "Free" downloaded content might not be so free after all: It might contain viruses or spyware that will infiltrate your system and/or steal valuable information.

Use passwords that are hard to guess

Don't use names of family members, birthdays or the names of your pets. In fact, you should avoid any word that is in the dictionary (since hackers use dictionary files to break into systems.) The best passwords don't have to be hard to remember, just hard to guess.

For example, if you want to use the name of Yosemite national park as your password, it is a lot harder for a hacker to come up with y0sem1te (substituting the numbers for the letters o and I) than Yosemite. A substantial percentage of penetrations of online and corporate databases can be traced to bad passwords.

Make sure to use anti-virus software

If you are not using an anti-virus package on your home computer – one that is updated regularly with new virus definitions, you are asking for trouble. You already know this, but it bears repeating.

Always make a backup of important files/programs

If something goes very wrong with your computer – through a virus destroying your files, a hacker running a malicious program, or a hardware failure, could you recover your files and programs?

It is not difficult to copy files onto a flash drive or external hard drive. But remember this: If you make backup copies, you have to protect them. Stealing or copying a backup device is as good as grabbing the computer. Safeguard them, and when you no longer need them, destroy them (physically break them).

Keep your browser up to date

To help ensure that you are maintaining the highest level of security, keep your browser up to date with the most current version and download security patches as they are released. Many browsers (e.g. Chrome and Firefox) allow automatic updates for convenience.

Make sure you are using the most recent version for maximum protection.

Remember: There's still data on that old computer

When the time comes to get a new computer and retire the old one, remember that the hard drive on the old machine can contain a lot of very confidential data. Even reformatting the disk does not necessarily remove that information.

The best way to get rid of it is with a shredder program (some of which are available at no cost). Also be cautious when sending a machine out for maintenance. Unless you encrypt files on your hard drive, the technicians could read anything on your disk while they have your machine.

Basic physical security

Finally, don't overlook basic physical security, like a small UL-rated safe for valuables, valuable documents and computer back-up files, and for under $35, a good cable lock will help prevent its theft should your home be broken into.