The internet has revolutionised almost every facet of our day-to-day lives. Through it, we’re able to access both entertainment and information, and to socialise and shop without ever leaving the comfort of our homes.
To make this possible, we must necessarily transfer some amount of personal information over the internet. We’re not able to hand over cash when paying for something online, and neither are online retailers able to send us our purchase if we don’t provide an address. One might try to get around these limitations by arranging to pick items up from a collection point, or by avoiding social media and online shops altogether – but the fact is that if you’re to get the best from the internet, then you’ll inevitably need to hand some information over.
Whether you’re a customer who’s concerned about the security of your personal details, or you’re an organisation trusted with safeguarding those of hundreds, thousands, or even millions of customers, then you’ll need to take online security seriously. In this article, we’ll examine how this might be done.
Back up everything
Security doesn’t just mean preventing potential wrongdoers from accessing your data, but protecting it against acts of god, too. If information is stored on a hard drive that suddenly fails – for whatever reason – then that data will be forever lost unless another copy of it is stored somewhere else.
Traditionally, live data is made safe by storing it on a Redundant Array of Inexpensive Disks (or RAID). This consists of a collection of two or more hard drives, connected together. These arrays are arranged such that, if any one drive should fail, then the remaining drives will be able to automatically rebuild, resulting in no downtime or loss of data. However, RAID should not be considered backup. A robust backup system provides local and remote copies of data, and contributes to wider business continuity planning which organisations must consider. This redundancy is taken further still in the world of cloud computing, where data is stored in a remote location, on systems which have multiple redundancy levels necessary to cope with various levels of failures.
Preventing cloud hacking
Cloud storage is fantastic. It allows for data to be stored inexpensively, and for users to eliminate all those bulky, expensive and cumbersome storage servers, and to access their data from a device of their choosing, wherever they might be in the world. But cloud solutions, too, carry with them their own risks.
Storing data on a remote server presents its own troubles. Just as an authorised person might be able to access their data remotely, so too might an unauthorised one. You might have seen stories in the news about cloud storage hacks, where the personal details of hundreds of thousands of customers have been obtained by unscrupulous hackers. In order to guard against this, organisations which store such information must take steps to protect it.
How can encryption help send sensitive information securely?
When we’re sending data over the internet, it’s important that it’s sent and stored in a way that any intercepting party would be unable to read it. In order to do this, we make use of something called encryption.
When you’re buying something from a reputable online store, you might notice that the ‘http’ portion of the web address changes to ‘https’. In most modern browsers, a little padlock symbol might also appear, in order to make the change more obvious. This signifies that the connection between you and the web server is secure – every bit of data has been encrypted, and only your device and the server have the ‘key’ necessary to decrypt it.
If ever you’re sending personal information, like debit card details or a password, over a connection which isn’t secure, then you risk that information being lifted by unscrupulous third parties. By the same token, if you’re a business that’s asking your customers to do the same thing, then you risk alienating them – particularly if your security vulnerabilities are exploited.
How to choose a strong password
Of course, one of the most important protections against unwanted access to data is quite a simple one: the password. Passwords are not all created equally, however. Staff and customers alike should therefore be encouraged to choose a strong password – one which is memorable, but which is also difficult for a stranger – or an algorithm – to guess.
The conventional wisdom here is that we should use a combination of different characters, including numbers and letters in both upper and lower case. Another approach advocates pass ‘phrases’, consisting of a short phrase with the spaces omitted. For example, “myBelgianwafflesweigh92metrictons” is a far stronger and more memorable password than a shorter cluster of random characters, like “HxzSy6u02”.
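To put numbers on that comparison, the following added example (not part of the original article) estimates the search space of both passwords under two attacker models. The 7,776-word list size and the split of the phrase into words are assumptions, and a phrase composed by a person is less random than the model supposes, so the passphrase figure is an upper bound.

```python
import math
import string

# Character classes a brute-force attacker must cover if any member appears.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]

# The article's two examples. The token split is done by hand (assumption).
SHORT_RANDOM = "HxzSy6u02"
PHRASE_TOKENS = ["my", "Belgian", "waffles", "weigh", "92", "metric", "tons"]


def charset_bits(password: str) -> float:
    """Model 1: every character drawn at random from the classes present."""
    pool = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return len(password) * math.log2(pool) if pool else 0.0


def passphrase_bits(tokens, wordlist_size: int = 7776) -> float:
    """Model 2: a dictionary-aware attacker who guesses whole words.

    Each word counts as one random pick from a list of wordlist_size words
    (assumed size), and each digit as one random pick from ten.
    """
    bits = 0.0
    for token in tokens:
        if token.isdigit():
            bits += len(token) * math.log2(10)
        else:
            bits += math.log2(wordlist_size)
    return bits


def compare() -> dict:
    """Return the estimated bits for each password under each model."""
    phrase = "".join(PHRASE_TOKENS)
    return {
        "short, per character": charset_bits(SHORT_RANDOM),
        "phrase, per character": charset_bits(phrase),
        "phrase, per word": passphrase_bits(PHRASE_TOKENS),
    }


if __name__ == "__main__":
    for label, bits in compare().items():
        print(f"{label:<22} {bits:6.1f} bits")
```

Even under the word-guessing model, which is the less flattering one for the passphrase, it keeps roughly 30 bits more than the nine-character password, provided the words were not an obvious quotation or saying.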
Since there’s no material cost to choosing a stronger password, and the benefits of doing so are so tangible, it’s essential that businesses give their staff thorough training in which sorts of password are most effective.
Provide employees with training
Just as a chain is only as strong as its weakest link, an organisation is only as secure as its least-secure member. If just one employee is lax about security, then they could offer a vulnerability which could affect your entire business – and they might do so entirely unwittingly.
It’s essential that staff are provided with thorough training if they’re to uphold the required level of security. This might mean simple warnings against leaving passwords and devices lying around, and against opening suspicious emails. By fomenting a culture of vigilance, companies will create the best possible protection against data loss.
Stay informed about security
The world of technology is constantly evolving. And this goes especially for online security – businesses and customers alike are engaged in an arms race with cyber-criminals, who are constantly developing ever-more sophisticated ways of breaching that security and getting away with valuable data.
Since safeguarding your business is so crucial, it’s important to keep an eye out for developments in the world of online security. That way, you’ll be able to stay one step ahead of those who would try to attack your business and steal your data – and thereby ensure the safety of both in the long term.
Businesses may benefit from specialist advice. Air-IT is an award-winning provider of IT and Communication services and enjoys partnerships and accreditations with industry-leading technology vendors such as Microsoft, Sophos and StorageCraft. For further information on our IT security, backup, recovery or business continuity planning services, please contact us today.