Keeping data secure

Following the news this week that South Wales Police have been hit with a fine of £160,000 for not reporting missing data for two years, I got thinking about the importance of keeping data secure.

The case itself is an extreme example of why you should keep data secure.  You really don’t want evidence in a very serious case just going walk about.  Beyond that, looking more towards home personal data, there are many good reasons of why you want data to be secure, and many ways of doing it.

The first, most important reason to want to keep your data secure is to prevent identity theft.  You know who you are, sure.  But someone receiving an application for a credit card, personal loan or anything of that nature doesn’t.  They won’t be able to tell the real you from the “you” that someone has made up in order to facilitate fraud.

Beyond basic (though it’s actually quite clever, and a little beyond basic) fraud, keeping your own data secure is important in preventing targeted attacks on yourself or your property.  If someone knows you are going to be in a certain place at a certain time, they could target you there specifically.  Or they could know you’re not going to be home, and therefore know they have time to break in and help themselves to your stuff.

Potentially somewhat even more nefarious would be someone getting access to things you would rather keep hidden.  It doesn’t matter if it’s some embarrassing or compromising photos, or if it’s some deep dark secret you have written in a diary from a long time ago.  People can (and sadly will) use that against you for their own gain.

It might sound overly paranoid, but it can happen, it will happen, and it does happen.  Fortunately there are some easy things you can do to help minimise the chances of data being stolen.

Firstly, and the easiest thing you can do, is to use better passwords.  Quick question: how long is your password?

If you answered “which password?”, then that’s a good start.  If you were able to absolutely answer the question because you use the same password everywhere, stop reading this, go and look at Jeff Atwood’s password article, and then go and change your damn passwords!

Regardless of the case, if you have a password which is shorted than 12 characters, then it’s too short.  I am aware that some sites will only let you have passwords up to a certain length (Microsoft only let you have a 15 or 16 character password, some banks only let you have 10!).  Personally, I try to avoid any password shorter than 16 characters where possible, and employ “good practices” in terms of picking my passwords.  That is, they are always a mix of upper case, lower case, numbers and symbols.  Want to hack my accounts?  I hope you have some serious computing power and a lot of spare time.

When I tell people that, they are always shocked and wonder how I can remember all of those passwords.  The answer is, I don’t.  I use a password manager which can generate them for me.  I use LastPass, which I have as a browser add-on in Chrome (my browser of choice) so I only need to remember that password.  I also have it set up with multi-factor authentication so even if some little scoundrel managed to get my password, they wouldn’t get access to all of them without my phone.  If they have my password and my phone, they need to be able to unlock my phone, which requires wither a pass code or my thumb, so they really have their work cut out.

Start forgetting your passwords and let something else rememeber them for you.

Secondly, whenever you throw out paper/post etc, make sure that you have shredded it if it has any personal information on.  Not exactly high-tech this one, but a shredder can cost as little as £10, and adds to peace-of-mind when you’re throwing out old statements and bills.  Ideally get a cross-shredder rather than a strip shredder, but either will do.

Next, don’t post everything you have planned to social media.  Are you going on holiday for 2 weeks?  Does everyone really need to know?  Just like the house parties which have been overrun when advertised on Facebook (and people never learn), if you post that your house is going to be empty for a period of time, you’re inviting yourself to burglary.  Be careful what you post.

The careful posting isn’t just about avoiding being the victim of crime, people have been sacked for their social media posts.  I’ve read about it happening, but I also know someone who it happened to, and they were working for a company who was making people redundant, so they missed out on their redundancy money as a result.  Double loss for a moment of stupidity.

Of course those are all common sense and easy to follow, but what about more advanced protection, such as data encryption?  It all sounds very James Bond and over the top, but can you really put a value on the information you have on your computer?  People have done hard drive encryption for a long time, and Microsoft even have articles on how to do it, and Windows 8.1 is said to do this by default.  I’m not sure how true that is as i can’t remember it from when I installed Windows, but I know there are options in Ubuntu for encrypting the home folder by default, and even the ability to encrypt the whole hard drive.

With the features so easy to use and manage, why wouldn’t you take every step possible to secure your data?

Which reminds me, I need to encrypt my Ubuntu partition