Data Encryption – What You Really Need To Know

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

In today’s digitally driven world, far too many personal and business devices are left unsecured. These devices don’t leverage strong passwords and fail to have the encryption needed to protect vital data.

Whether companies choose to store data in public, private, or hybrid clouds, they should always ensure that the data is encrypted before it leaves their devices or networks.

Additionally, when employees think that “this data isn’t important,” they are creating the weak links that hackers need to successfully infiltrate a device (or network) and subsequently steal unencrypted data, upload malware attacks, and otherwise wreak havoc on unsuspecting businesses.

[Read more…]

Using Flash Drives? Encrypt Them

Flash drives are becoming an increasingly popular means for transferring files from one computer to another – especially now that they are capable of storing up to a whopping 256 GB. These handy devices are easy to tote because of their small physical size and are a no-brainer to use since they pop right in and out of a USB port. So, it’s no surprise that employees may use flash drives to transfer work from the office to home. While this may initially sound like a run-of-the-mill activity, think about the ramifications of taking sensitive company data out of the building.

A variety of methods have been used to prevent employees from using flash drives due to the security risk it poses. While establishing policies for using removable data is good practice, it isn’t necessarily effective, and it is virtually impossible to monitor if and how flash drives have been used. This has spurred some businesses to physically disable the USB ports on its computers by calking ports or using software to disable them. This certainly works, but it is possible to eliminate the security risk without damaging any equipment or putting restrictions on employees simply by encrypting the data on drives.

There are two main ways to encrypt flash drives in order to prevent prying eyes from viewing your important business information. The first is to use drives that are outfitted with encryption service. As such, there is no worry about training your staff how to encrypt files or a question on whether it’s being done at all. Encryption, however, can still be achieved on regular flash drives that may already be in employees’ possession with software-based encryption services, most of which are low-cost.

In either case, sensitive business data that is encrypted is secure without a lot of hassle. When your employees need to access such files from flash drives outside of the office, they will be prompted to enter a password or encryption key to view them.

If a flash drive falls into the wrong hands, the information stored is completely unreadable without the proper key or password. This prevents any data breach while still allowing employees the ease of using flash drives to relay their work between the home and office.

How To Shop Online More Safely And Securely

These tips can help you determine that you’re shopping at a secure and trustworthy website.

Look for signs that the business is legitimate. Buy only from reputable stores and sellers. Here are some ways to check.

Find out what other shoppers say. Sites like Epinions.com or BizRate have customer evaluations which can help you determine a company’s legitimacy.

Look for third-party seals of approval. Companies can put these seals on their sites if they abide by a set of rigorous standards such as how personal information can be used. Two seals to look for are the Better Business Bureau seal, and the TrustE certified privacy seal.  If you see the seals, click them to make sure they link to the organization that created them. Some unscrupulous merchants will put these logos on their websites without permission.

Look for signs that the website protects your data. On the web page where you enter your credit card or other personal information, look for an “s” after http in the web address of that page. This shows that the web page is encrypted. Encryption is a security measure that scrambles data as it traverses the Internet.

Also make sure there is a tiny closed padlock in the address bar, or on the lower right corner of the window.

Use a filter that warns you of suspicious websites. Find a filter that warns you of suspicious websites and blocks visits to reported phishing sites. For example, try the SmartScreen Filter included in Internet Explorer.

Keep your web browser updated.

It helps protect you when you shop online.

What Is A Website Certificate, And Why Is It Important?

If you ever make purchases online, you must know how to quickly determine if the website you are about to buy from is secure.

A secure connection is an encrypted exchange of information between the website you are visiting and the browser you are using. Encryption of data is simply a process of converting the information you type in (your name, address, and credit card number) into an unreadable format that only the receiving website can decipher.

Encryption is done through a document the website provides called a website certificate. When you send information to the website, it is encrypted at your computer and decrypted at the website to prevent hackers from intervening and stealing your credit card information.

So how do you know if a site has a certificate and a secure connection? There are two things to look for. Just note that these two checks only apply to the web page where you actually enter your credit card information, NOT the entire site itself.

Once you are on the actual order page, look for a tiny yellow padlock in the bottom right corner of your web browser. Depending on your browser version, the Security Status bar may be located on the top of the browser and to the right of the Address bar. The padlock should be closed (locked).

Next, look at the actual URL. It should begin with “https” rather than the standard “http.” If you are on a website and you see these two things, the site will have a certificate.

Another way you can view a site’s certificate is through your browser’s menu options. In Internet Explorer, go to File, Properties and then click on the Certificates button. The same dialogue box will then come up for you.

If you ever get a warning that there is a problem with the website’s certificate, it could be due to a number of problems such as the names on the certificates don’t match up with the website or the certificate has expired.

If this happens, you may want to call the company and place your order by phone rather than going through their website.

Finally, make sure you check out every company’s Privacy Policy. Even if they have a secure checkout process, they could give or sell your information to third party companies.

Data Security And Theft Top IT Concerns For 2006, Continuing Into 2007

The number of personal records exposed in data security breaches surpassed 100 million this year.

So says the Privacy Rights Clearinghouse, which has been keeping count ever since a high-profile data leak at information broker ChoicePoint in early 2005. It keeps track of thefts and losses of gear such as laptops, storage tapes and drives, as well as of hacking incidents and insiders who leak data.

The count climbed throughout 2006: Boeing, the Department of Veterans Affairs, Hewlett-Packard, McAfee, the University of California, and many others made headlines as a result of breaches.

Most incidents come to light because of laws requiring public notification of data loss in cases where data is unencrypted. In response, security companies are increasingly pitching encryption products for secure storage–for example, Seagate Technology is building it into its drives. Microsoft is also getting into the game: business versions of Windows Vista have a full-disk encryption feature called BitLocker.

But encryption technology still lacks usability, a panel of industry experts said at an event celebrating the 30-year anniversary of cryptography.

Meanwhile, banks and credit agencies are hawking credit-monitoring services. In September, researchers named several banks as a consumer’s best bet in terms of offering protection against identity theft.

Breaches are only one way people’s identities can be compromised. Phishing scams are getting more widespread, and fraudsters are getting trickier in their attempts to con Internet users. People with high incomes attract more phishing e-mails and lose more money to them than other Internet users, according to a November Gartner report.

Scammers are helped by an apparent influx of cross-site-scripting bugs. These Web security flaws could let attackers craft a URL that looks like it points to a trusted site, but serves up content from a third, potentially malicious site. This year, this type of bug was found in many popular Web sites and in Google’s search appliances.

Phishing shields are now common. Microsoft has built one into its latest browser, IE 7, and Mozilla offers a similar feature in Firefox 2.

Alternative approaches to combat phishing include a new DNS service, OpenDNS, whose free address-lookup service blocks phishing sites and other threats.

Yahoo added an antiphishing feature to its site that displays a custom image on the log-in screen to verify that it is indeed a Yahoo page.

But if confidential data isn’t exposed through data breaches or pilfered through a phishing scam, there’s still malicious software. Criminals are crafting more-targeted Trojan horse attacks that seek to sneak onto PCs through zero-day flaws, experts have warned. In addition, some malicious software is now designed to let cybercrooks surf into online banks with you to steal your money.

You could also be exposed while on the go. Privacy watchers warn that people carrying passports equipped with radio chips could have the information in the document read from a distance. The solution: keep the passport closed and in a foil bag.
— from CNET News Service