Adam Roth //July 10, 2013//
Try an internet search with the words ‘China,’ ‘hack,’ ‘security,’ or ‘NSA,’ and you may get more than you bargained for. With news about the NSA’s surveillance program and President Obama’s recent meeting with Chinese President Xi Jinping, discussions around computer security have surged. And while the administration is alarmed by the alleged theft of U.S. weapons intelligence, what about the rest of us? (Source: “Year of the Hack,” New Yorker, May 28, 2013.)
Even without missile defense information, everything on your computer is valuable and much more hackable. Do you know your company’s hackability rating on a scale of 1 to 10? Here are three common areas of risk, each with a simple, cost-effective solution.
Why? If you’ve ever worked from Starbucks or a hotel using Wi-Fi access, you’re vulnerable. Traffic monitors allow thieves to view and capture anyone’s data going across a shared wireless network. That means you’ve inadvertently made available all of the corporate credentials a hacker would need to access your company’s network.
Recommendation: VPN (Virtual Private Network). A VPN can be set up for remote users and can be configured with Windows servers, most business-class firewalls, and even some third-party software. In most cases, it takes the end user only one additional click to log into remote desktop with this setup, so it’s all upside.
Recommendation: The best remedy for this is data encryption. It may be aggravating to have to enter a password twice in order to access your computer, but it’s worth it. With encryption you’ve cut the chance of your data being sold by about 99%. This feature is available on most laptops, and there are also software solutions from third-party manufacturers. TrueCrypt (www.truecrypt.org) is free open-source disk encryption software that can help keep your data safe.
Recommendation: Experts say you need to change your online passwords about every 40 to 90 days. But who can keep that pace? Online password managers like LastPass (www.lastpass.com) can help. A new product, YubiKey (www.yubico.com), is taking password management and authentication to the next level. It’s an encrypted hardware token (think USB stick) that can be used for almost anything related to passwords.
Security is always a matter of balancing threats versus access. Whether you’re running a corporate network or a home network, you should consider outlining a data security plan. Identify your assets, the impact if those assets are compromised, and the likelihood that a compromise will occur. This will give you a more current and effective security policy and keep your hackability rating down, and this is one score you want to keep low.