Ann Arbor Area Business Monthly
Small Business and the Internet
10 Habits of Secure Businesspeople
By Mike Gould
onslaught onset of the new year, now is a good time to evaluate and tighten up your general computer procedures in regard to security. As I have pointed out in the past, It's A Jungle Out There™. Not only is the government digging through your communications, but an army of bad guys are constantly trying to chisel into your data, identity, and credit card information (DICCI). What is a concerned computer user to do? Behavior modification, that's what, so let's get modifyin'.
Let's beat this dead horse some more, shall we? (Whack) Passwords get hacked all the time, with the resultant loss of DICCI and a general increase of chagrin. So keep 'em complicated enough to be secure, but easy enough to remember. Use at least eight characters, including a capital letter and a number or typographical symbol (~!@#$%^&*+ - but don't run your fingers down the top row of your keyboard, like I just did - too obvious). The first letters of your favorite song lyrics are good. Example: Ffyr2py! - a re-work of the tender Beastie Boys' ballad, Fight For Your Right To Party. See previous article about this, URL below.
2) Secure Backups
By now, you have hopefully eaten the red pill, hearkened to the gospel, and heeded best practices, absorbing in the process the concept that keeping backups of business information is a Good Idea. You regularly dump your data into a receptacle, be it external hard drive, memory stick, or the cloud and are secure in the belief that you are backed up. Ah, but are you? Have you tested your system by trying to retrieve that memo from May fourteenth you edited drastically yesterday? Now would be a good time to retrieve the original version to make sure everything is working.
There is nothing worse than attempting to bring back a crucial document from an archive and discovering that your backup software isn't doing what you think it is doing. And while you are at it, how secure is your backup? If it is an external drive you leave plugged into the back of your computer, what happens if someone steals your computer and everything attached to it? Woe and lamentations, big time. Keep your backup drive in an undisclosed location, drag it out periodically to backup, put it away afterwards. A pain, I know, but ever so much more secure. Ditto backups to flash ("thumb") drives: keep 'em in a locked drawer.
3) Public Use of Networks
Ever sit at a WiFi-enabled cafe and bought something over the Internet? Bad idea. It is ridiculously easy for a knowledgeable bad person to tap into the communications between your laptop and the wireless receiver involved. This is called a "man in the middle" attack, and is a really good way to get your DICCI in a twist. Same with your wireless communications within your place of work. If the office down the hall is inhabited by said bad person, all your data could belong to him. At the UM School of Education, where I used to work, we had a rule that all sensitive data had to be sent via computers plugged into the network, not broadcast willy-nilly over easily compromised wireless-ness. And our wireless access points were very carefully managed - but still not trusted.
4) Local vs. Cloud storage I've ranted about this before (URL below), but it bears repeating: I don't recommend putting important data into The Cloud. There is simply no guarantee of privacy from government or other snooping, too many assumptions involved (constant up-time, for one), and vulnerabilities from institutional data mining (such as GoogleMail scanning all your email to extract keywords for targeted ads). If all your data is stored and backed up locally (at your home/place of work, not at some cloud-based server farm), you have more control over who has access to it.
As with most privacy issues, it is a matter of convenience vs. security. The more secure things are, the more effort is required of you to maintain things. Automated backups to the cloud are vastly more convenient than dragging around external drives, but at a cost of greatly decreased security. It is up to you to determine your level of comfort concerning computer strategies, but the more important your data is to you and your business, the more effort you should be expending to protect and defend it.
5) Road Warrior strategies
If you regularly haul a laptop/netbook/pad/smartphone around with you with sensitive business data on it, you are at an insane level of risk for loss of DICCI. Now the possibility of physical loss becomes a distinct issue. It is one thing for a data thief to tap into your online business communications, but if the bad guy has stolen your portable computer (and don't forget that a smartphone, etc., is a computer), he/she can crack into your identity in the comfort of their lair, feet up, glass of rum at hand.
Keep your laptop physically locked in your hotel room, or in a safe (if it will fit). Lock things in your trunk if you must leave things in a car, or slide it under the seat. Always use a password to log into your laptop/smartphone/whatever. Keep a bare minimum of sensitive information on your traveling computer; just enough to get the current job done. Make sure everything is backed up before you leave for a business trip.
6) Whoops, Out of Room Looks like items 6 - 10 will have to wait until next month. Until then, have a secure New Year!
Passwords article: http://mondodyne.com/b2b/smbiznet.173.shtml
Cloud article: http://mondodyne.com/b2b/smbiznet.167.shtml
Mike Gould feels reasonably secure, was a mouse wrangler for the U of M for 20 years, runs the MondoDyne Web Works/Macintosh Training/Digital Photography mega-mall, builds laser display devices, performs with the Illuminatus 3.0 Lightshow, and welcomes comments addressed to firstname.lastname@example.org.