
DATA AND INFORMATION: SECURITY MEASURES TO KEEP THE WORLD OF COMPUTING CIVILIZED

BY JOSEPH PIECORA. Director of Technology.

As an individual who aspires to one day be the CIO/CISO (Chief Information Officer/Chief Information Security Officer) of a technology firm, data security is a matter that is always heavy on my mind. In my profession I deal with clients on a day-to-day basis, and when I am troubleshooting their IT problems and, for instance, need a password to see if their e-mail works, they just blurt it right out. “Oh, it’s the name of my daughter, Monica.” My response is always the same: “I know you think you can trust me, but you just met me and you don’t know if you can trust me with that information. Don’t be so cavalier with blurting out your password to anyone.” In an age where millions upon millions of people do online banking, online bill pay and even online car insurance, there can be no room for any breaches in personal security, no matter how large or small. What do you do when you lose your wallet? You call the credit card companies and cancel all your cards. Imagine if someone got your credit card number online, where no ID is required to make purchases. Or imagine if someone acquired your social security number and stole your identity. If you simply think about these situations, you would probably be much more careful about your passwords.

In today’s world no one walks into a bank with a gun and hands the cashier a note or yells “THIS IS A STICK UP!” Not unless you live in the sticks and your name is Billy Bob, that is. Nowadays the real fortune is contained within one thing, and that is binary code. The servers which host millions of people’s personal and business banking information are the new targets for criminals. Do not for one second think that there is not someone out there who can bypass all the security measures of these servers. The more steps you can take to protect yourself, the better.

Let’s talk about some real-world examples of data intrusions, especially on business networks. Let’s say one day you’re logged into your E-Trade or some other stock trading account. You suddenly receive an email simply saying “Check your stock accounts.” So you go back to your account web page and you see half of your stock has been traded off. Then you get an email saying “Want this to stop? Deposit $100,000 into this account number.” What just happened was that an internet “hacker” held this unknowing person’s account “hostage” and asked for a ransom. The problem is, even if this person were to pay the ransom, how is he to know this will stop? The result is a large amount of capital lost no matter which way this situation is handled. Security specialists say that if this were to happen to you, you should never pay the ransom but rather report it to the authorities a.s.a.p. The only problem is, you already lost half your stocks. Another example of this kind of data intrusion is called “fraud services.” What this means is that an outside party will gain access to your data and then, instead of committing any fraud themselves, sell the access to your system along with all of your data and information. Such “fraud services” as “76service” even provide an indexing tool that will index a person’s or business’s private data to make it easier to search for valuable information. Pretty scary stuff, right?


One of the best ways to protect yourself is with a good password. Many of today’s passwords are simply a combination of names or numbers that are easy for people to remember; however, these are also the easiest for criminals to crack. Here are a few simple steps to make your password more complex. Let’s say your password is “GOOFY”. To make it one step more secure, give it a numeric extension like “GOOFY123”. To go the next step, give the password a symbol extension such as “GOOFY123!”. With those two simple steps you have made your password 3 times harder to crack and it is still easy to remember.

The best way to defend yourself against online data breaches is investing in a “biometric authentication system.” Simply put: a fingerprint reader. Companies such as Microsoft have put on the market a budget-friendly, easy-to-install biometric system for your personal or business computer. Even PC manufacturers like Toshiba and IBM have built-in fingerprint readers. With this new technology you simply register your fingerprint on the computer and use it each time you want to access a website or a file.

Besides protecting yourself with proper passwords, another step to take is ensuring the protection of your home or corporate network. Have a wireless connection? Was encryption put on it? If you can’t remember, the answer is probably no unless you had a professional IT company set it up. With an unsecured wireless network anyone who is in range of your connection can connect and can wreak havoc on your systems. A simple encryption code can prevent this breach. Even though a wireless network is still susceptible to intrusion, it is a lot less likely to happen.

If you’re in the corporate environment, there is much more room for intrusion and many more tools available to prevent these intrusions. The first step would of course be a server for users to authenticate through. A proper antivirus should always be deployed to all workstations in a corporate network. The next step would be a firewall. A firewall enforces access policies, such as which services network users are allowed to access. Though effective at preventing unauthorized access, this component fails to check potentially harmful content, such as computer worms being transmitted over the network. An intrusion prevention system (IPS) helps detect and prevent such malware. An IPS also monitors network traffic for suspicious content, volume and abnormalities to protect the network from outside attacks.

A major issue in today’s business world is “data and information leaks.” Many advances to prevent this from occurring have been made in the IT world. A Data Loss Prevention (DLP) system is an example of a preventative measure an organization can take to eliminate data and information loss. Users, either knowingly or ignorantly, can transmit data from the very servers that they logged into to outside locations. There are both hardware and software designed specifically to monitor network activity and transmissions. Another simple step to take is setting permissions on your network to define which users can access which files.

If everyone took all the simple steps available to them to better protect their personal or business data, we would all live in a safer world. There will always be a young man or high school kid with dress shoes and white socks sitting at their computer attempting to write an algorithm to log into some bank or government agency. Even if you do not do your banking or any other transactions online, where do you think the main database for your bank account is stored? Your monthly statements do not come handwritten; they come printed out of the machine that houses all of your information. Remember, if it’s worth storing, it’s worth stealing. The first line of defense is you! Don’t leave your personal or business security up to anyone else!

Etectonics, LLC. © 2003 - 2007