Cyber Security: Making your information less vulnerable to attack Encrypting sensitive documentsIf you have very important files that cannot be shared, then you should consider encrypting documents when they are not actively being edited. VeraCrypt is an example of secure encryption software that can be used to secure any files containing confidential data. User accountsAll modern operating systems allow for different user accounts to be created with different levels of access. These range from a guest who can only perform a small number of tasks and cannot change any important settings, through to an administrator who can install new applications, see any data on the computer and make major changes to settings. In between, are user accounts that have limited access and do not usually allow users to install new software – helping to prevent malware infections. Even if you are the only user on a computer it can make sense to use a user account for day to day purposes, only using the administrator account as and when new software needs to be installed or the operating system is updated. Never use an administrative account for surfing the web or opening emails. User accounts can be used to restrict access to files, printers and other resources on a local area network. File permissionsEvery file and folder on your computer has a set of permissions that tell the computer’s operating system what can be done with that file:
Different users have different sets of permissions – so you may have read and write access to an important document, but you can restrict others to read only (i.e. they cannot edit the file), and deny access entirely to people outside of the group. Remember, read permission allows a file to be copied and to be read. An attacker can still then use copy and paste to copy important information from a document, or to make a copy of the original and to edit that instead. Disabling portsAlmost all modern computers come with one or more USB ports through which data can be stolen using flash memory drives, a plug-in hard disk or smart phone or media player. It may be necessary to disable these ports for security reasons. Data Loss Prevention (DLP) software can temporarily disable the USB ports, or monitor or restrict the copying of files to USB devices. Physical LocksThe easiest way to steal a large amount of data is to simply steal the computer or the database server itself. Most computers and some external devices have sockets into which a lock, usually attached to a flexible metal chain that is secured to a wall or a desk, can be attached. Also check that a locked computer prevents a thief from opening the computer and simply unplugging data drives and removing them. Any networked storage devices should be in a locked room or a locked cage secured to a wall or floor. Obviously, if you are working in a shared environment, locking doors and windows is an obvious deterrent to attackers, as is challenging unknown individuals who might be wandering around. |
|