If you have not yet heard, new data protection legislation is on its way. The EU General Data Protection Regulation (GDPR) comes into force on 25 May 2018.
GDPR is the result of four years of work. In the UK it will replace the Data Protection Act 1998. It has been designed to regulate how organisations protect the personal data of people in the EU.
All companies that already comply with the current Data Protection Act must make sure they also comply with GDPR, or they will face fines and penalties. As well as tougher fines, the new regulation gives people more say over what companies do with their data. The other aim of the legislation is to make data protection rules more or less consistent throughout the EU.
GDPR applies to both ‘controllers’ and ‘processors’ of data. A controller decides why and how personal data is processed; a processor processes that data on the controller’s behalf. The controller could be an organisation such as a business or charity, and the processor could be its IT support company. It is the controller’s responsibility to ensure that the processor abides by the new law. The regulation still applies to controllers and processors based outside the EU if they handle the personal data of people in the EU.
The Information Commissioner’s Office (ICO) has put together a guide on how you can prepare for the General Data Protection Regulation.
Did you know that October is Cyber Security Month? European Cyber Security Month (ECSM) is a European campaign that aims to raise awareness of cyber security. It takes place every October and provides up-to-date security information through best practices and education.
Cyber-crime has grown at a tremendous rate. As a small or medium-sized business you may be at higher risk of being targeted, because smaller organisations usually have fewer defences than large, well-known companies. However, a company of any size can come under threat. So, we are going to look at cyber security best practices and how you can apply them in your business or on your own personal devices to get the best level of protection.
Your first best practice should be to ensure that all of your passwords are strong and cannot be guessed easily. Use a different password for each website; if you want to know the real risk of reusing passwords, here is an in-depth article which explains the dangers. Make each password long and random, mixing letters, numbers and symbols. You can create passwords easily with a password generator, and to keep track of them all you should use a password manager, which also means you never have to memorise or reuse them.
Along with a strong password, you should use two-factor authentication (2FA) wherever possible. This is a second check that you are who you say you are when logging in, such as a code sent to your mobile by text message or generated by an authenticator app, which you then enter on the website. An authenticator app is preferable to text messages, because text messages can be intercepted or redirected by an attacker who manages to take over your phone number.
Always be careful with e-mail attachments and links. If a message looks suspicious or unexpected, don’t open it. Take OpenDNS’s phishing quiz to see if you can tell the difference between a fake and a real email.
Update all of your apps and programs, such as Java, PDF readers and Flash, as well as your operating system, when notified to. Install updates only through the vendor’s own update mechanism or app store: fake ‘update required’ pop-ups on websites are a common way of delivering malware, so read what an update prompt actually says and do not install anything that looks suspicious.
When installing apps on your phone, be careful about the permissions the app requests. For example, a weather app should not need access to your photos. Following on from this, review the privacy settings on your mobile and on your social media accounts to make sure you are not granting more access to your personal information than necessary.
When you are downloading from a website or purchasing something that requires your card or personal details, make sure the connection is secure. Check that the URL begins with ‘https://’ rather than ‘http://’; you may also see a small padlock icon, and on some sites the URL bar may be green. Bear in mind that HTTPS only means your traffic to that site is encrypted and the site is the one named in the address bar; it does not mean the site itself is honest, so still check that the address is the one you expect. Take a look at Coretek’s website below to see what a safe URL looks like.
Make sure you have an anti-virus solution installed. There are many to choose from, and if you cannot afford a licence there are plenty of free ones (although these generally offer less than a paid product). Alongside traditional anti-virus, you can also run a dedicated anti-malware scanner for an additional layer of protection.
Back up all of your devices: phones, laptops, desktop computers and so on. If a device is lost, stolen, or hit by ransomware or other malware, you will have copies of everything and will be able to recover your files.
For cyber security within your company, you should educate your employees: they should know how to keep the company free of cyber-crime. One way to do this is to write up your cyber security policies and display them around your offices, or to hold meetings and workshops that teach and reinforce them.
Having a client phone you to say their website has been hacked over the holidays is not something any IT support company wants. However, exactly that happened this last week to a client whose website is hosted by another IT provider. Following on from this act of destruction, we thought we should put together an article on website security and hacking.
You are probably already aware of what hacking is, but for those who aren’t: hacking is somebody, generally referred to as a ‘hacker’, gaining access to your website, social media profile and so on without authorisation. They could be doing this for a number of reasons: to steal personal information, to take the website down or take control of it, or even just for fun.
Hackers have many different ways of breaking into websites. To name a few: Cross-Site Scripting (XSS), where script is injected into a page and runs in other visitors’ browsers; SQL Injection, where text typed into a form ends up being treated as part of a database query; and Clickjacking, where your page is loaded invisibly inside an attacker’s page so that a visitor clicks on it without realising. In the first two the attacker ‘injects’ input of their own that the site fails to treat as plain data. Hackers also use spam emails and fake pop-up windows to deliver malware or trick people into handing over passwords.
Unfortunately there is no way to completely protect your website; however, there are steps you can take to make it as difficult as possible for hackers. Below are some of our favourite top tips for securing your website.
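To show what two of the attacks named above actually look like, and what the fix looks like, here is an added example (not code from the original article or from the hacked site). It uses an in-memory SQLite database with a constructed, made-up account: the first login function glues the user’s input into the SQL text and can be bypassed with a classic injection, the second uses a parameterised query and cannot; the comment renderer escapes untrusted text so injected script is displayed rather than executed; and the header set is what stops other sites framing your pages (clickjacking).

```python
import html
import sqlite3

# Constructed sample data for this example; the account and password are made up.
# A real site would store a salted password hash, never the plain password; it is
# kept plain here only so the queries stay readable.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse battery staple')")
    conn.commit()
    return conn


def vulnerable_login(conn, username, password):
    """Builds the SQL by gluing user input into the query text, so anything
    typed into the login form becomes part of the query itself."""
    query = ("SELECT COUNT(*) FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    return conn.execute(query).fetchone()[0] > 0


def safe_login(conn, username, password):
    """Parameterised query: the values travel separately from the SQL text,
    so a quote character in the input is just data and cannot change the query."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


def render_comment(author, body):
    """XSS defence: escape untrusted text before putting it into HTML, so a
    comment containing <script> is displayed as text rather than executed."""
    return "<p><b>%s</b>: %s</p>" % (html.escape(author), html.escape(body))


# Clickjacking defence: response headers that stop other sites framing your pages.
CLICKJACKING_HEADERS = {
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": "frame-ancestors 'none'",
}


if __name__ == "__main__":
    db = make_db()
    attack = "' OR '1'='1"   # turns the WHERE clause into ... OR '1'='1', which is always true
    print("vulnerable login with injected password:", vulnerable_login(db, "alice", attack))  # True
    print("parameterised login with the same input:", safe_login(db, "alice", attack))        # False
    print(render_comment("mallory", "<script>alert(1)</script>"))
```

Run it and the vulnerable function lets the attacker in without knowing the password, while the parameterised one rejects the same input; this is why input should be passed to the database as parameters rather than pasted into the query string, and why anything shown back to visitors must be escaped for the context it is placed in.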
Hackers use automated tools that can try thousands of username and password guesses in seconds, including lists of passwords leaked from other sites. To make guessing impractical, use a strong, unique password for each account: long (treat 8 characters as an absolute minimum; longer is far better), mixing letters, symbols and numbers, and not a dictionary word or anything you use elsewhere. Change it immediately if you suspect it has been exposed. Where you control the site, also limit how many failed logins an address or account can make before it is slowed down or locked. You can use the below link to run a few words through a strength checker to see how secure they are, but DO NOT type your own current passwords into it: never enter a password you actually use into a third-party website.
Two-factor authentication is based on the principle of combining a) something you have and b) something you know. So when a user enters a password, they are then asked to complete a second verification step, such as entering a code sent to them by text message or automated phone call, or generated by a ‘soft token’, an app on their phone that produces a fresh one-time code every 30 seconds or so.
This is becoming increasingly popular for logging in, especially with banks and other companies that hold a lot of your data, such as Google.
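The password advice above (and in the best-practices section earlier on this page) is easier to follow with a generator and a checker you can run on your own machine, so here is an added example; it is not code from the original article. The generator draws from the operating system’s cryptographic random source and guarantees one character of each class; the checker estimates how hard a password is to guess and rejects anything on a (constructed, deliberately tiny) blocklist of common passwords, which stands in for the real leaked-password lists that cracking tools try first.

```python
import math
import secrets
import string

LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
DIGITS = string.digits
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?/"

# Constructed, deliberately tiny blocklist standing in for the real lists of
# leaked passwords that attackers' tools try first.
COMMON_PASSWORDS = {"password", "123456", "12345678", "qwerty", "letmein", "welcome"}


def generate_password(length=20):
    """Generate a random password containing at least one character from each
    class, using the operating system's cryptographic random source (secrets)."""
    if length < 12:
        raise ValueError("use at least 12 characters; 8 is a floor, not a target")
    classes = [LOWER, UPPER, DIGITS, SYMBOLS]
    chars = [secrets.choice(cls) for cls in classes]           # one of each class
    pool = "".join(classes)
    chars += [secrets.choice(pool) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)   # so the guaranteed ones are not always first
    return "".join(chars)


def estimate_entropy_bits(password):
    """Upper bound on guessing difficulty, assuming every character was chosen at
    random from the classes present: length * log2(size of character pool).
    A password built from a dictionary word is far weaker than this number suggests,
    which is why is_strong() also consults the blocklist."""
    pool = 0
    for cls in (LOWER, UPPER, DIGITS, SYMBOLS):
        if any(ch in cls for ch in password):
            pool += len(cls)
    if pool == 0:
        return 0.0
    return len(password) * math.log2(pool)


def is_strong(password, min_bits=60):
    """Strength check that runs locally; never send a real password to a website to test it."""
    if len(password) < 8:
        return False
    # "Password1!" is still "password": normalise before checking the blocklist.
    base = password.lower().rstrip(DIGITS + SYMBOLS)
    if base in COMMON_PASSWORDS or password.lower() in COMMON_PASSWORDS:
        return False
    return estimate_entropy_bits(password) >= min_bits


if __name__ == "__main__":
    candidate = generate_password(20)
    print(candidate, round(estimate_entropy_bits(candidate)), "bits, strong:", is_strong(candidate))
    for weak in ("password", "Password1!", "Pa55word!"):
        print(weak, round(estimate_entropy_bits(weak)), "bits, strong:", is_strong(weak))
```

Note what the numbers say: ‘Pa55word!’ ticks every box in the usual ‘letters, symbols and numbers’ rule and still comes out under 60 bits, while a long random string or a multi-word passphrase sails past it. Length does far more for you than substituting digits for letters.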
One of the best ways to protect your website is to keep all of its software up to date. Always check for updates, patches and new versions of programs and plugins. Once you have verified that an update is genuine and is not going to break your website, install it. If you run plugins, only download them from sources you trust, and remove any you no longer use, since an abandoned plugin is one more thing you have to keep patched.
There are also paid services that provide a higher level of security monitoring. One such service, SiteLock, works with both plain HTML sites and CMS-managed sites and provides daily scanning for vulnerabilities, viruses and malware.
A web application firewall (WAF) sits between the internet and your web server. It inspects every HTTP request passing through it and can be delivered as software, as a hardware appliance or, increasingly, as a cloud-based service.
The WAF works by blocking requests that match known attack patterns, such as SQL injection or XSS payloads, and filtering out unwanted traffic. It is an extra layer rather than a substitute for fixing the vulnerabilities in the site itself, because a determined attacker can often find an input the filter does not recognise.
Always keep your files and data backed up, so that if your website does get hacked you have a second copy of everything. If you don’t know how to back up, take a look at our blog on what backing up is and how to do it.
Hypertext Transfer Protocol Secure (HTTPS) is the secure version of the protocol used between a user’s browser and your web server. For example, when a user fills in a ‘subscribe’ form on your site, HTTPS protects that personal information as it travels across the network. Data sent using HTTPS is secured by the Transport Layer Security (TLS) protocol, which provides three layers of protection: encryption, so that nobody eavesdropping on the connection can read the data; integrity, so that the data cannot be altered in transit without being detected; and authentication, so that the browser can check it really is talking to your site and not an impostor.
You can never really know how secure a public Wi-Fi hotspot is, whether in a hotel, at the airport or in your local coffee shop. If you do need to connect in such places, there are two ways round this. You can set up a hotspot on your smartphone using your mobile data: to find out how to set up a hotspot on Android check it out here, and for an iPhone here. The other way to stop someone on the same network snooping on your browsing is a Virtual Private Network (VPN). A VPN encrypts all your traffic between your device and the VPN provider, so the Wi-Fi operator and anyone else on that network cannot see what you are doing; you are, however, trusting the VPN provider with that traffic instead, so choose one carefully.
Imagine transmitting data through light. That is exactly what Harald Haas of the University of Edinburgh has invented.
Harald Haas is widely credited with coining the term Li-Fi and is a co-founder of pureLiFi. Four years ago he first proposed using light-emitting diode (LED) lights as wireless transmitters. Tests are now being carried out by Velmenni, an Estonian company based in Tallinn, which has demonstrated that LiFi is extremely fast and has trialled it in industrial and office environments.
LiFi is a ‘wireless optical networking technology that uses light-emitting diodes (LEDs) for data transmission.’ It uses ordinary LED lights with only a small chip added. The chip varies the light output of the LED far too quickly for the eye to notice, embedding the data stream in the beam. A photo-detector at the receiving end picks up those changes in brightness and converts them into an electrical signal, which is then converted back into a data stream and passed to a computer or mobile device.
LiFi has a number of benefits. It has been demonstrated at speeds of around 1 Gbps, which could allow you to download a film in seconds, and has been claimed to work up to 100 times faster than Wi-Fi, which makes it very appealing.
LiFi will not travel through walls, because the data is carried by light and light cannot pass through walls. This is actually a security advantage: someone outside the room cannot pick up the signal, so nobody outside can listen in on your data or use your connection without permission. Note that anyone inside the room with a line of sight to the light can still receive it, so control of physical access to the room becomes the security boundary. Lastly, it does not interfere with sensitive electronics, which makes it better suited than radio for use in hospitals and on aircraft.
The main drawbacks of LiFi are that the technology needs a clear line of sight and that the light must stay on at all times while the link is in use.
What does it really mean to back up your data? Imagine losing all of the files on your computer without having backed them up, and finding yourself spending days on end trying to recover them all.
To back up data means to create a copy of the files that are worth protecting. If something happens to the original files, such as corruption, a malware infection that makes them inaccessible, or a user deleting them maliciously or accidentally, a backed-up copy of those files is essential for recovery.
Whether a file has become corrupted or gone missing for any of these reasons, a backup solution allows you to restore it to the way it was before the event took place. The effort and cost of providing a working backup solution is vastly outweighed by the heartache caused by the permanent loss of data.
It seems that no matter how far security technology advances, there will always be a flaw in some solution that someone somewhere knows about and will take advantage of. Even with those systems in place, the simplest of errors, like opening a seemingly innocent email attachment, can potentially lead to an irreparable loss of data.
A weak level of security is not the only way data can be lost. Remember that physical storage such as USB pen drives and external hard drives have their own working parts, and these parts can fail. Many times I have heard of professionals storing years of work from multiple organisations on removable storage devices, only to lose all of it when the device fails and they can no longer access their files. While storing files on removable media is a form of backup, it is not infallible; if you want to keep your data from being lost you must think about both physical and virtual (online) backup solutions.
Typically you would find backup solutions in the form of tape, disc images (such as ISO files), or portable media such as USB pen drives and optical media like CD or DVD-R.
As discussed, these devices can fail, which makes it very difficult to recover the files stored on them. However, they are quite an easy and convenient solution compared to the alternatives: it is as simple as copying and pasting files onto the drive. To summarise, it is best to use portable storage devices only for short-term backups, as time wears the device out and causes it to fail.
At this point it is worth mentioning that important documents are far safer stored on a network share that is itself backed up than on external media or the C: drive of your computer. This may seem obvious, but your data is far safer on your company or school server than on a laptop that can be damaged or stolen. Be aware, though, that ransomware running on an infected PC can encrypt every network share that PC can write to, so the server’s own backups must be kept somewhere the PC cannot reach. By the way, your entire iTunes collection probably does not qualify as “vital data”, so remember that storage on your server is finite and this may not need to be backed up.
If you’re a Windows 8 user, you can also use File History. You need to enable it first, which you can do by searching for it on the Start Screen. File History backs up the files in your libraries, desktop, favourites and contacts; you can exclude folders you do not want copied, and to include a folder from elsewhere on the disk you add it to a library.
Another way to back up is online. Examples of online backup services are Mozy, Carbonite and iDrive. Online backups take longer, but the copy is held off-site, so a fire, theft or ransomware outbreak at your premises does not take the backup with it.
Cloud storage such as OneDrive or Dropbox is another option to consider; these automatically sync a folder on your PC to the cloud. Bear in mind that syncing is not quite the same as backing up: if a file is deleted or encrypted by ransomware on your PC, that change syncs to the cloud too, and you are relying on the service’s version history to get the earlier copy back. It is advisable to use more than one storage location; this gives you peace of mind and a better chance of retrieving lost files.
Essentially, you should back up all data that would be frustrating, costly and time-consuming, or simply impossible, to recreate from scratch. For personal use, you would probably want to back up photos and videos, as these are often impossible to recreate.
In a business environment you would probably own a number of servers containing software and systems vital for the company to function, as well as important financial records. Although software could, after some time, be reinstalled, losing evidence of your finances could prove fatal to the business.
In an ideal world we would all love to back up all of our data daily or even hourly, but as backup solutions have costs we must arrange our backups so that the most important data is copied on a more frequent rotation than the rest. Typically you would back up vital company or customer data at least once a day. Just as importantly, test your backups: restore a few files regularly to confirm the copies are intact and that you actually know how to recover them, because a backup that has never been restored from is an assumption, not a safeguard.
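To show what ‘a backup you can trust’ involves in practice, here is an added example (not code from the original article or from any of the products mentioned). It copies a folder to a backup location, writes a manifest of SHA-256 hashes of the originals alongside the copy, and then verifies the copy against that manifest; a restore checks the hash again before handing the file back. The demo builds a small constructed folder in a temporary directory, backs it up, restores a file, then deliberately corrupts one copied file and deletes another to show the verifier catching both.

```python
import hashlib
import json
import os
import shutil
import tempfile
import time

MANIFEST_NAME = "manifest.json"


def sha256_file(path, chunk_size=1 << 16):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def backup_directory(src, dest_root, label=None):
    """Copy every file under src into dest_root/<label>/data and record each file's
    SHA-256 in a manifest, so the copy can be checked later. dest_root should be a
    location the source machine cannot overwrite (otherwise ransomware takes it too)."""
    label = label or time.strftime("%Y%m%d-%H%M%S")
    dest = os.path.join(dest_root, label)
    manifest = {}
    for root, _dirs, files in os.walk(src):
        for name in files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, src).replace(os.sep, "/")   # portable manifest keys
            target = os.path.join(dest, "data", *rel.split("/"))
            os.makedirs(os.path.dirname(target), exist_ok=True)
            shutil.copy2(full, target)               # copy2 keeps timestamps
            manifest[rel] = sha256_file(full)        # hash of the ORIGINAL file
    os.makedirs(dest, exist_ok=True)
    with open(os.path.join(dest, MANIFEST_NAME), "w") as fh:
        json.dump(manifest, fh, indent=2, sort_keys=True)
    return dest


def verify_backup(backup_dir):
    """Re-hash every file in the backup and compare with the manifest.
    Returns a list of (problem, relative_path); an empty list means the copy is intact."""
    with open(os.path.join(backup_dir, MANIFEST_NAME)) as fh:
        manifest = json.load(fh)
    problems = []
    for rel, expected in manifest.items():
        path = os.path.join(backup_dir, "data", *rel.split("/"))
        if not os.path.isfile(path):
            problems.append(("missing", rel))
        elif sha256_file(path) != expected:
            problems.append(("corrupt", rel))
    return problems


def restore_file(backup_dir, rel, dest_dir):
    """Restore one file from the backup, refusing to hand back a corrupt copy."""
    with open(os.path.join(backup_dir, MANIFEST_NAME)) as fh:
        expected = json.load(fh)[rel]
    source = os.path.join(backup_dir, "data", *rel.split("/"))
    if sha256_file(source) != expected:
        raise IOError("backup copy of %s is corrupt; use an older backup" % rel)
    target = os.path.join(dest_dir, *rel.split("/"))
    os.makedirs(os.path.dirname(target), exist_ok=True)
    shutil.copy2(source, target)
    return target


def demo():
    """Constructed scenario: back up a small folder, confirm it verifies, restore a
    file, then simulate a corrupt and a missing file in the backup copy."""
    work = tempfile.mkdtemp(prefix="backup-demo-")
    try:
        src = os.path.join(work, "documents")
        os.makedirs(os.path.join(src, "finance"))
        with open(os.path.join(src, "finance", "ledger.csv"), "w") as fh:
            fh.write("date,amount\n2017-10-01,100\n")     # made-up sample content
        with open(os.path.join(src, "notes.txt"), "w") as fh:
            fh.write("constructed sample file\n")
        backup = backup_directory(src, os.path.join(work, "backups"), label="daily-1")
        clean = verify_backup(backup)
        restored = restore_file(backup, "finance/ledger.csv", os.path.join(work, "restore"))
        with open(restored) as fh:
            restored_ok = fh.read() == "date,amount\n2017-10-01,100\n"
        with open(os.path.join(backup, "data", "notes.txt"), "a") as fh:
            fh.write("x")                                          # simulate bit-rot
        os.remove(os.path.join(backup, "data", "finance", "ledger.csv"))   # simulate loss
        damaged = verify_backup(backup)
        return {"clean": clean, "restored_ok": restored_ok, "damaged": sorted(damaged)}
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

The point of the manifest is that it is computed from the originals at backup time, so a later verification run tells you whether the copy still matches what you had, not merely whether files exist. Scheduling the verify step (and the occasional restore) is what turns a backup into something you can rely on.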
While having a reliable, working backup solution will prevent complete data loss, that doesn’t mean you shouldn’t take measures to stop these losses happening in the first place.
Storing physical backup media in a suitable environment will keep it usable for longer. While transferring files between an external storage device and a computer, don’t unplug the device from the computer, or from the power socket if it has one, as this can often cause data loss. As mentioned above, save important files to a network share rather than on your computer.
Take care when downloading files from websites and emails, as these are some of the most common causes of data loss. Unknowingly downloading malware can damage your computer and, in many cases, cause the loss or theft of data. An email’s sender address can be spoofed, or faked, so that a message appears to come from the same or a similar address as someone you know when in fact it comes from a completely different person whose only aim is to steal or destroy your data. And if someone’s email account has been compromised, the attacker can send harmful attachments directly from the genuine account. So if you are unsure about an attachment someone has sent you, it is worth phoning them, or emailing them at an address you already know, to check that it is genuine; do not simply reply to the suspicious message, because that reply goes back to whoever actually sent it.
For an organisation, you may want to put policies in place to stop staff in particular parts of the company from opening email attachments or downloading files from websites. It is hard to keep an eye on even a handful of workers, let alone hundreds, so it is important to lock down features that are not necessary for particular users to do their day-to-day work. You may want to keep an exceptions list for those who have a genuine need to download from websites or email, and review it periodically.
You may also want policies that stop files being transferred to and from external storage media, to ensure no malicious files are introduced locally and no company data is taken out. These form part of your security measures and complement a decent anti-virus, firewall and email filtering solution.
This article has concentrated on how you as an individual can take precautions to protect your important files. If you are a business owner or the head teacher of a school, you will need to implement a proper backup strategy. For schools we recommend an on-site backup to either external media or a NAS device, plus a cloud backup solution for extra resilience. We recommend our School Cloud Backup service from CoretekCloud.
For businesses, the method of backup will vary depending on the size of the organisation and the budget available, but the principles already discussed are the same. Cloud backup is a very secure way of storing data, but it may also pay to keep on-site backups so that large files can be restored quickly.
Both options require the right software to schedule and report on your backup strategy. Get in touch with us if you would like to know what options are available.
So far we have only covered restoring files from a backup. What about entire systems? What if the information is time-sensitive and you are losing money every minute it is unavailable? This is where you need to start considering Disaster Recovery (DR) and Business Continuity. We will cover both in a future article, including the difference between the two and how to plan a successful DR strategy.
• “Backing up” refers to making a copy of important data that you deem worth protecting
• Removable media such as USB drives have a limited life span and can be damaged or stolen
• Use removable media only as a backup, never as the sole location for your files
• If possible, save files to a network share rather than on your local hard drive
• Cloud storage options such as OneDrive are a good personal backup source, provided version history is available to recover deleted or altered files
• Try to back up files daily, and test restoring from your backups
• Be vigilant when clicking links or opening attachments in emails, even from people you recognise
• For organisations, implement security measures to restrict access to potentially dangerous sites or emails
• Consider both Cloud and on-site storage, depending on your business needs
• Ensure your organisation has a decent anti-virus, firewall and email filtering solution
• If loss of data could have a serious impact on your business, you need to consider Disaster Recovery and Business Continuity
If you need any assistance with any points raised in this article, get in touch and we will be happy to help.