There has been, and probably will continue to be, an amazing amount of press about WikiLeaks over the last few weeks.
This post is not about the rights or wrongs of either leaking or WikiLeaks themselves. Instead, we’d like to explore one question: can a leak of highly valuable information happen to you?
The simple answer is: yes.
It probably wouldn’t be quite as high profile as WikiLeaks, nor, for that matter, would the information be quite as devastating to international relations (or would it?), but, simply put, your valuable data is only as secure as you make it.
You can, however, take some simple steps to protect your data. Here’s our handy top fifteen approach to keeping your data safe:
- The simplest solution is always the best: make sure only those who NEED access to information have it. This is particularly important when it comes to access to customer information and private financial details.
- Information harvesting may not be something that someone inside your walls is trying to do, but that doesn’t mean someone is not trying to get hold of your details. Make sure you use sensible and hard-to-guess passwords, particularly if you have public-facing access that does not require a VPN to get to. In this category, you should also think of Google Analytics (if you are a business, or even if you are not and run a blog); if you use simple passwords, someone will get lucky one day.
- In the same way, if people cannot guess your passwords, they’d still like to have access to them: be very careful of what you click on, both links to websites and attachments in your email.
- Change your passwords often, and don’t recycle them.
- Make sure you are running antivirus on your computer systems. Make sure it is always up-to-date.
- Make sure you are running anti-spyware on your computer systems. Make sure it is always up-to-date.
- Don’t be fooled into a false sense of security, thinking you’ll buy a license to your security software later. Having it installed is not enough: you need to make sure it is always updating.
- Make sure you are running antivirus software on your servers as well. Your data protection is only as good as the weakest link in your security regime.
- Another simple solution: simply don’t store sensitive information on publicly accessible machines. If you must, encrypt it.
- Have your system admin turn off unused services (such as FTP, for instance) if you don’t use them.
- Make it the default policy in your business, or even at home, that you don’t automatically allow mounting of network drives (i.e. only mount a machine when it’s needed, not as default).
- Disable user accounts that are no longer active (for instance if an employee leaves your business, for any reason).
- Don’t have guest accounts active on any public-facing machines, or on any machine at all if they are not needed.
- If you run a business, have a “Guest” Wi-Fi network (still password protected) so that visitors to your office have access to the internet, but not your internal network.
- If possible, disable boot from external disk or USB device on all of your important systems, and preferably on all systems.
If you follow this list, you’ll make it far more difficult for someone unauthorised to access your sensitive data and systems, and this should help keep you and your business out of the headlines.
Did we miss something? Tell us in the comments.