Data security
Data are the life blood of our work and communications. Whether it is a presentation, a record of operations, a budget or any other collection of coherent information, it is likely to be stored as data on some form of electronic medium. This could be your computer’s hard drive, a CD or a USB key. When they are in this stored format, how secure are your data?
We hear a lot about viruses and spyware, but the greatest risk to your data is simple loss. If you lost a CD with the details of your pricing structure, would the finder be able to open it? If the USB key with information on your corporate bank accounts disappeared while you were traveling, would you be sure it was secure? How about if your laptop disappeared at the airport while you were not looking? What information is on it that you would not want the rest of the world to see?
Do any of these scenarios worry you? They certainly scare me! I constantly watch for opportunities for loss, whether due to my own error or the malicious intent of others. There is no greater risk to your data or their security than the loss of a portable device. It is one of the greatest fears of IT personnel, as they have no control; all they can do is provide security tools to the users and hope they will be used.
So what tools are available to ensure the security of your data? Many of them! They range from simple passwords to biometrics to embedded chips (embedded in you!).
Passwords
Passwords are the most important security method and one that is considerably older than computers. They are extremely reliable and easy to use. Unfortunately, they are also easy to misuse. They can be considered ‘weak’ or ‘strong’:
* ‘Weak’ passwords will not protect your access. What is ‘weak’?
** simple passwords of fewer than eight characters
** words — any password that is a real word (i.e., in the dictionary)
** names — your middle name (or your spouse’s or child’s or dog’s name) is a very easy password to guess
* What kind of password is ‘strong’?
** the longer the better: eight to 12 characters
** nonsense makes good sense: your password should not be a real word, but a combination of letters, numbers and symbols
How do you keep track of these complex passwords? If you are like most people, you write them down on a sticky note or piece of tape and keep it with your computer. This is the best way to ensure that your password is useless! Just as easy, but more secure, is a suite of passwords that you can remember easily, such as characters from an obscure novel (Dickens and Shakespeare do not qualify as obscure!) or animal names from a particular environment. However, to ensure the security of your passwords, you should use a substitution for letters in common words — e.g., use ‘8’ for ‘a’, so bears = be8rs, or ‘7’ for ‘e’, so eagle = 7agl7.
Advanced methods
There are also advanced methods, such as tokens, biometrics and even embedded RFID chips, to improve the security of access to computers or networks. These are not a substitute for password security, but an enhancement to it.
Biometrics are techniques that use a person’s (supposedly) unique bodily characteristics as a ‘password’. This could be a thumbprint, a retinal pattern or voice recognition. Unfortunately, even the best biometrics can be easily fooled by an expert. Their advantage is when they are used in conjunction with a password to improve security.
These methods help to protect your data against unauthorized use, even if your computer or other device is stolen or lost. However, they only work if they are used properly — the best password will not prevent access if it is taped to the lid of your laptop. For me, I use good passwords, but I still keep a close eye on my gear while I am traveling.
Freelance writer Dan Davies can be reached at dan.davies@shaw.ca.
Comments