Monday, June 13, 2011

Is Your Data Really Secure?

Several days ago, suspected hackers tried to steal the passwords of hundreds of Google email account holders, including those of senior U.S. government officials, Chinese activists and journalists, Google claimed. The company said it recently detected the security breach and stopped what it described as “a campaign to take users’ passwords and monitor their emails, with the perpetrators apparently using stolen passwords to change peoples’ forwarding and delegating settings.” Google’s email service enables users to forward messages automatically and grant others access to their accounts. In April, the media covered a cyber attack on Sony Corporation, in which a group of unknown cyber criminals hacked into the company's servers and stole the data of over 100 million users. Ring a bell? The entire fiasco is reported to have cost Sony an estimated $171.2 million or more, but more importantly it seems to have cost the company the trust of its customers. By comparison, the earthquake and tsunami of March 11 caused an estimated $208.5 million hit on the company's profit for the fiscal year ended March 31.

More often than not, we provide more and more information to the Internet about ourselves, our lifestyles and our families through blog posts, social media sites and friends’ pages. However, we seldom stop to consider how secure our data is. The recent cyber attacks illustrate that data security is critical, both for computer users and for most businesses. There are three kinds of data: data at rest, data in motion and data in use. Bank account details, client information, payment information, personal files and so on are data we store, share or use for different purposes. All of this information can be hard to replace and potentially dangerous if it falls into the wrong hands. Data lost due to disasters such as a flood or fire is crushing, but losing it to cyber criminals or a malware infection can have much greater consequences. Threats to data security can be either physical, such as a fire, power outage, theft or malicious damage, or human, such as the mistaken processing of information, unintended disposal of data, cyber attack or erroneous input.

So, how can we secure our data? Data security starts with strategic planning and risk assessment. Technically, it’s not possible to guarantee 100% security for data in any form; we can only avert cyber attacks and mitigate their impact. The key questions to ask ourselves are: What would happen if you lost your own or your organization’s data? What would happen if an organization lost your data? Who has access to data at rest? Who is allowed to move data? Who uses the Internet and email systems, and how do they access them? Who will be allowed access and who will be restricted? Are passwords required, and how are they maintained? Is the staff properly trained, and is data security enforced? We can then identify areas of vulnerability and develop strategies for securing our data and information systems. Since data can be compromised in many ways, the best security against misuse or theft involves a combination of technical measures, physical security and a well-educated staff.

Hand-held devices and laptop computers have become popular in the business environment. To a mobile worker, there are benefits aplenty to mobile information access. According to McAfee, on average, one in three employees keeps sensitive work-related information on their mobile devices. However, as mobile access to sensitive corporate information becomes more popular and the number and type of mobile devices used to access such information increases, security becomes an important concern. Mobility has its own characteristics and, hence, its own security issues. Mobile computers are at a much greater risk of data loss through damage and theft. The mobile device problem goes both ways. While many employees use their personal devices to handle work-related tasks, such as accessing corporate email and viewing documents, nearly 63 percent of work-issued mobile devices were being used by employees for personal activities, such as accessing the Internet.

Given the unique nature of the mobile environment, mobile security is not a single security solution but rather a combination of solutions extending the existing security infrastructure to the location of the mobile devices. An administrator needs to create security policies specific to mobile device usage. If a mobile device is lost, we need to minimize the impact of the loss: password-protect all devices, encrypt sensitive documents on the device, and don't use automatic scripts for VPN login. Mobile device security policies should also include using firewalls to restrict access to a limited set of sources. It is also important to protect the device from physical damage by using a casing. The Internet should be accessed only when needed and with care, to prevent spyware from invading our mobile devices.