3.2 Making your information less vulnerable
Some simple steps to make your information less vulnerable to attack in the future.
User accounts and passwords help secure data so that it can only be seen and used by authenticated users. Without a user account and password, an attacker is forced to use much more time-consuming techniques to break into the machine, greatly increasing their risk of being caught.
If you haven’t already done so, it is time to configure your computer and mobile devices so that they require a login or passcode when you switch them on and that that they lock when left for a certain period. This will prevent anyone tampering with them or impersonating you on social media if you leave them unattended.
A network firewall installed on a router and a personal firewall on the computer itself will stop hackers from getting into your computer. Likewise, up to date antivirus software can stop malware from deleting, encrypting or transmitting your files over the network.
If you have very important files that cannot be shared, then you should consider encrypting documents when they are not actively being edited. However, encryption can be troublesome when files must be shared since that requires sharing of keys which is generally considered inadvisable.
All modern operating systems allow for different user accounts to be created with different levels of access. These range from a guest who can only perform a small number of tasks and cannot change any important settings, through to an administrator who can install new applications, see any data on the computer and make major changes to settings. In between, are user accounts that have limited access and do not usually allow users to install new software – helping to prevent malware infections.
Even if you are the only user on a computer it can make sense to use a user account for day to day purposes, only using the administrator account as and when new software needs to be installed or the operating system is updated.
User accounts can be used to restrict access to files, printers and other resources on a local area network.
Every file and folder on your computer has a set of permissions that tell the computer’s operating system what can be done with that file:
- write permission – the file can be edited
- read permission – it can be copied
- execute – the file can be executed as a program (if applicable).
Different users have different sets of permissions – so you may have read and write access to an important document, but you can restrict others to read only (i.e. they cannot edit the file), and deny access entirely to people outside of the group.
Remember, read permission allows a file to be copied and to be read. An attacker can still then use copy and paste to copy important information from a document, or to make a copy of the original and to edit that instead.
Almost all modern computers come with one or more USB ports through which data can be stolen using flash memory drives, a plug-in hard disk or smart phone or media player. It may be necessary to disable these ports for security reasons.
Data Loss Prevention (DLP) software can temporarily disable the USB ports, or monitor or restrict the copying of files to USB devices.
The easiest way to steal a large amount of data is to simply steal the computer itself. Most computers and some external devices have sockets into which a lock, usually attached to a flexible metal chain that is secured to a wall or a desk, can be attached.
Obviously, if you are working in a shared environment, locking doors and windows is an obvious deterrent to attackers, as is challenging unknown individuals who might be wandering around.
In the next section, you’ll create a personal recovery plan.