This is a pretty deep topic, but we’ll cover the basics. I will split it into two sections as both sections have quite different ways of preventing data theft.
Local data theft
Local data theft, ie someone logs into your computer and steals data while physically on your system. You probably have a Windows password on your computer, but did you know that locally it’s really easy to remove or completely bypass that password? Here are some more effective ways to prevent someone from gaining access.
1. BIOS password
This is a password that is displayed even before Windows starts to load. Especially on laptops this can be very effective in stopping a data theft attempt, on desktops it is easier to bypass. Even if you remove the hard drive from the computer, the person may be able to gain access to your data. It’s always recommended to repeat passwords every 6 weeks or less in case a would-be thief figures out what it is.
2. Disk Encryption
Most modern hard drives support disk encryption, whether you can implement it or not depends on your BIOS and computer model. For example, hard drive encryption is rarely seen on a consumer laptop. But it’s even rarer NOT to see it on a business laptop. This is quite an effective tool, again, it will show a password before the operating system starts, if you don’t know it, the disk is useless.
Think of things like fingerprint readers, face recognition and iris recognition. These have their advantages and disadvantages.
They are also easy to use and can be an effective deterrent.
Also, if it’s business-grade, your data will be encrypted, which is good.
Minus, they usually resort to passwords. So if the thief knows your password, they can simply choose to use that instead of your features
Minus, if they don’t have password backups then you can lose your data if your biometrics change for any reason, burn or accident
Minus if they are consumer grade they just store your password and use biometrics to enter it into windows and grant access. No encryption.
4. 2 token authentication
This is now common among businesses and increasingly available to small businesses or “prosumer” users. Basically, you need two forms of authentication before you are allowed access. Biometric + password or password + magnetic card etc.
Again, this is safer and may be overkill for the typical home user.
Remote data theft
This is the realm of hackers, viruses, and the occasional disgruntled employee. This is one of the most likely ways for your data to be stolen or deleted. If you don’t have security hardware and software on your network, leave your computer in the wild. The idea here is to block them from coming in in the first place.
We ran an experiment on a vanilla XP system with no firewall or internet security, it took about 4 minutes and then wouldn’t start, so much so that we had to delete it and restart.
Here are some steps you can take to make your online experience safer.
No software is perfect, and when people find loopholes, backdoors, exploits, and other ways to hack into a network, the software vendor patches them too. Tuesday is patch day for Windows, so rest assured that Wednesday will have updates to download. If you don’t update, leave your system and data open for picking.
2. Internet Security Software
Is a free antivirus program not enough? I get asked that all the time. The truth is it would really depend on a number of factors, but the general answer is NO. Free antivirus is the base that any company can offer. All of these companies have paid for much more comprehensive offerings that do much more. Typically a free plan just scans files, a paid plan does things like;
Heuristic analysis – where they look for infection patterns or symptoms rather than just matching a virus to a definition
Email Scanning – You’ll immediately see both an email with a shady attachment and a phishing email trying to steal your information
Web scanning – they warn you about questionable websites linked to scams or other illegal activities
Firewall – You have a fully functional software firewall that blocks attacks
Upgrading your security software to a full-featured package is well worth it. Go with the brand names, my favorite is Kaspersky Internet Security.
3. Hardware Firewall
Windows and security software provide a software firewall, but if your computer is compromised, that software firewall is likely to be compromised and configured by the virus or whatever to let all nasty stuff in (like a trojan attack), hence a The hardware firewall is an essential element of a network.
The good news is that if you have a router of any kind, it probably has a hardware firewall built in. Here are some firewall tips;
a. ports – A port lets through a certain type of data traffic, e.g. B. E-mail traffic or website traffic. Open only the ports you need and close all others. If you no longer use a port, close it.
b. UPNP – Universal Plug and Play, this can be enabled by default in firewalls and allows a program on your computer to tell whether to open a port on the hardware firewall. This can be bad if the program is a virus or trojan. Only turn on UPNP when you need it. In a business setting, you probably wouldn’t do that.
c. DMZ – Demilitarized Zone, if you let anything use that, you basically give them an open window to the outside world where they can send anything out and out. Use with extreme caution.
i.e. SPI – Stateful Packet Inspection, If you are considering a firewall any decent one will have SPI which will inspect packets for anomalies and if very good at detecting and blocking attacks.
Depending on the size of your organization, you may want to use a dedicated firewall, but they typically cost upwards of $1000, so it can be a sizable investment for some.
4. Remote Access Passwords
You must always protect remote access passwords. If an employee leaves your office, you must immediately change any passwords he or she had access to or they could cause significant damage, data loss/theft.
You must always harden remote access passwords, follow these guidelines.
a. at least 8 characters
b. At least 1 capital letter
c. At least 1 number
i.e. At least 1 special character like @ right? symbol
e. Change them at most every 6 weeks
This makes it orders of magnitude harder for someone to “crack” your password, hello123 just won’t cut it.
5. Operating System Version
Support for the now 10 year old Windows XP is pretty much over. Also, the newer operating systems like Win 7 and 8 are much better at blocking unwanted attention and dealing with attacks than previous generations.
If you haven’t updated yet, please do so. you are overdue