Update, back up and clean out: keep yourself secure beyond passwords

by | 20 Nov, 2017 | 0 comments

Security goes beyond passwords. Think about backing up, thinking of what you keep and what you don't, and updating as key security practices.

Last time I talked about security here, I was discussing passwords. And that’s a decent first place to discuss security, but it’s not the only topic for thinking about digital security. There are three1 golden security rules.

  1. Copy Everything That Matters
  2. Don’t Bet Anything You’re Not Prepared to Lose
  3. Keep All Your Doors Locked

Here, then, are the three rules in more detail, and what they mean for you.

Copy everything that matters

Backing up your computer is nothing more complicated than copying your entire hard drive onto a second drive. More than any other security practice (maybe even more so than choosing good passwords) backing up your work is the crucial security practice for ensuring the continued access and control of your personal systems and information. Find yourself the target of ransomware locking you out of your account? Wipe the computer and restore from backup. Laptop damaged? New laptop, restore from backup.

Windows 10 and Mac OSX both have native backup facilities, so there’s no reason not to use them. All you need is your computer and a USB hard drive onto which to back up.

Even if you can’t commit to backing up your entire computer (say, if you don’t control the computer you use) then you should still make efforts to back up your essential files. Consider (if you can) using one of the many free tools available to you to keep your files updated, or if you can’t, make sure you copy them to a USB thumb drive to keep them safe and make sure that you do this regularly.

Don’t bet anything you’re not prepared to lose (but eventually you’ll have to)

Nothing is ever secure. No security measure is foolproof. There is ever only ‘more secure’ than an alternative, and nothing, nothing that cannot be broken somehow.

Which means this: Every piece of data you record, every document you make, everything you ever store on a computer is a gamble — A bet that it won’t be breached and stolen. Sooner or later, you will lose that bet. Someone will take your data. Someone will break into your system.

And as the classic gambler’s adage goes, never bet anything you aren’t prepared to lose. Or, on topic, never record anything that a breach would be unacceptable. If you do not need to store it, don’t.

Now, in a university, particularly with research data, there’s a lot of things you do need to store. The UTS Guidelines for the Management of Research Data are ACRCR compliant and encourage the storage of research data, especially hard to replicate data, so that they can be shared and used in as much research as possible. But within this framework, you should still consider proper data security management and work to minimise unacceptable data loss.

A good data management plan can come into play here, looking at what data you’ll collect, what data you’ll keep and for how long, what data can be deleted safely and is non-essential after a certain point. Remember that you can always book a consultation with a librarian to discuss your data needs.

But as always, remember: Nobody can steal what you don’t keep.

Keep your doors locked

Ever heard of a Wi-Fi Pineapple? If you haven’t, we’re about to make you paranoid. Here’s how it works. When you have your wi-fi details stored on your phone or laptop, it scans for networks with names and settings it recognises. A wi-fi pineapple listens for any device looking for a wi-fi network and checks what network it’s looking for. Then, it impersonates that network and lets your device connect. Now, they have access to your device, and can potentially install software, read your data, and more. By the way? It’s commercially available.

Wanna know the way to beat it? Turn off your wi-fi if you’re not in your home or office. It can’t exploit your wi-fi if you’re not using it.

Then again, maybe they can! Heard about KRACK? It intercepts your device as it attempts to connect to a wi-fi network and delays a crucial stage in the process of connecting you. Then it can use that delay to worm its way into your device.

But the patches for it are out. If you’re patched, you’re safe.

This is the message of these two examples: Keep your doors well locked. If you’re not using a piece of software? Delete it or disable it. If you’re not using Java for anything? Then delete Java entirely from your computer. Not using Wi-Fi or Bluetooth? Turn it off. And if you must use something? Keep it up to date! Many security professionals now consider keeping apps and operating systems up to date to be more important than running antivirus software.

Keep your doors closed. Keep your locks well-maintained.

How important is all this, anyway?

This matters, there’s no question about it. In any large institution like a university, you will always wind up responsible for data that affects someone else; such as the communications you’ve kept with a student or research collaborator. Everybody has information worth it to someone to steal, like research data or an even a planned exam. (You don’t think students would go to lengths to get an exam ahead of time? Of course they would.)

On the other hand, there is a Zeroth Law of security: Every security measure is a trade-off. Maybe it trades off with convenience. Perhaps it trades off with your ability to collaborate. You need to find the level at which you’re happy with those trade-offs.

But it’s worth thinking about these things, and finding out if you could secure your information better. Remember you can seek help with lots of groups. Talk to the library about data management. Talk to IT about security options.

Think about security. Do what you can to make yourself safer. In the end, it could save you a lot of trouble.

1. As I was writing this, I thought of a fourth rule, and I could probably come up with more if I tried. There’s always more you can do.

Feature image by: James Sutton

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

 
Share This