March 1, 2006 By Pulp & Paper Canada
Data is the lifeblood of our work and communications. Whether it is a presentation, a record of operations, a budget spreadsheet or any other collection of coherent information, it is likely to be stored as data on some form of electronic media. This media could be your computer’s hard drive, a CD or a USB key. When it is in this stored format, how secure is it? We hear a lot about viruses, Trojans and spyware, but the greatest risk to your data is simple loss. If you lost a CD with the details of your pricing structure, would the finder be able to open it? If the USB key with your budget and information on your corporate bank accounts disappeared while you were traveling, would you be sure it was secure? How about if your laptop disappeared at the airport while you were not looking? What information is on it that you would not want the rest of the world to see?
Do any of these scenarios worry you? They certainly do me. I travel with a considerable amount of information in various formats and I constantly watch for opportunities for loss, whether due to my own error or malicious intent on the part of others. There is no greater risk to your data or its security than the loss of a portable device. It is one of the greatest fears of IT personnel, as it is completely out of their control. With a computer network or incoming email, IT has tools they can use — firewalls, virus checkers, spyware blockers — to protect the integrity and safety of their systems. With portable devices, they have no control; all they can do is provide the tools to the users and hope they will be used.
So what tools are available to ensure the security of your data? Many of them! They range from simple passwords to biometrics to embedded chips (embedded in you).
Passwords are the most important security method and one that is considerably older than computers. They are extremely reliable and easy to use. Unfortunately, they are also easy to misuse. They can be considered ‘weak’ or ‘strong’:
* ‘Weak’ passwords will not protect your access. What is ‘weak’?
– Simple passwords, of fewer than eight characters.
– Words. Any password that is a real word (i.e., in the dictionary).
– Names. Your middle name (or your spouse's, child's or dog's name) is a very easy password to guess.
* What is ‘strong’?
– The longer the better: eight to 12 characters.
– Nonsense makes good sense: your password should not be a real word. Best is a combination of letters, numbers and symbols.
How do you keep track of these complex passwords? If you are like most people, you write them down on a sticky note or piece of tape and keep it with your computer. This is the best way to ensure that your password is useless! Just as easy, but more secure, is a suite of passwords that you can remember easily, such as characters from an obscure novel (Dickens and Shakespeare do not qualify as obscure!) or animal names from a particular environment (lions and tigers and bears, oh my!). However, to ensure the security of your passwords, you should use a substitution for letters in common words – e.g. use 8 for a, so bears = be8rs or 7 for e, so eagle = 7agl7.
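The weak and strong rules listed above can be checked mechanically. The following is an added example, not part of the original article: the function names and the small word and name lists are constructed for illustration, and a real check would load a full dictionary and the user's own family and pet names.

```python
import string

# Constructed sample lists (assumption): stand-ins for a real dictionary
# and for the names a particular user should avoid.
SAMPLE_WORDS = {"bears", "eagle", "lions", "tigers", "password", "elephant"}
SAMPLE_NAMES = {"margaret", "rover"}


def weaknesses(password, words=SAMPLE_WORDS, names=SAMPLE_NAMES):
    """Return the article's reasons a password is weak (empty list = none)."""
    found = []
    lowered = password.lower()

    # 'Weak' rule 1: fewer than eight characters.
    if len(password) < 8:
        found.append("fewer than eight characters")
    # 'Weak' rule 2: a real word, compared case-insensitively.
    if lowered in words:
        found.append("dictionary word")
    # 'Weak' rule 3: a personal name.
    if lowered in names:
        found.append("personal name")

    # 'Strong' rule: a combination of letters, numbers and symbols.
    classes = {
        "letters": any(c.isalpha() for c in password),
        "numbers": any(c.isdigit() for c in password),
        "symbols": any(c in string.punctuation for c in password),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        found.append("no " + " or ".join(missing))
    return found


def is_strong(password, words=SAMPLE_WORDS, names=SAMPLE_NAMES):
    """True when none of the article's weak-password rules apply."""
    return not weaknesses(password, words, names)


if __name__ == "__main__":
    for candidate in ["bears", "be8rs", "7agl7", "Margaret", "t1g7rs&be8rs"]:
        print(candidate, "->", weaknesses(candidate) or "passes every rule")
```

Run against the article's own examples, be8rs and 7agl7 are no longer dictionary words but still fail the eight-character rule, so a substituted word needs to be combined with others and a symbol to pass every check.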
There are also advanced methods, such as tokens, biometrics and even embedded RFID chips. These use a secondary method, such as a changing number on a token or a thumbprint, to improve the security of access to computers or networks. These are not a substitute for password security, but an enhancement to it.
Biometrics are techniques that use a person’s (supposedly) unique bodily characteristics as a ‘password.’ This could be a thumbprint, a retinal pattern or voice recognition. Despite what is shown in the movies, an expert can easily fool the best biometrics. Their advantage is when they are used in conjunction with a password to improve security.
Encryption is a method used in combination with securing access. Passwords prevent unauthorized access like a gateway, with your data inside the gate. However, it is possible to bypass the gate and reach the data without going through it. In that case, encryption protects your data. When your data is encrypted, it is rewritten into what appears to be gibberish. If you have the encryption key, the gibberish is decoded back into the data. This is the same system that is used to ensure that transactions on the internet are secure, but in this case it is used to encode files or even entire hard drives. So even if the password gateway is bypassed, the data just appears to be gibberish when it is examined.
These methods help to protect your data against unauthorized use, even if your computer or other device is stolen or lost. However, they only work if they are used properly — the best password will not prevent access if it is taped to the lid of your laptop. For me, I use good passwords, but I still keep a close eye on my gear while I am traveling.