Saturday, February 14, 2009

For Your Eyes Only!



Do you have any data on your computer that is private? Any social security numbers? Tax returns? Medical histories? Customer accounts? Credit Card numbers? Sales pitches? New product details?

Anything sensitive? Anything that could risk your identity if compromised? Anything that could cost your business or your customers if compromised?

That's a pretty wide swath of data, and chances are good that yes, there is some "classified" data on your PC.

Does it need to be protected? That's a good question. For laptop users the answer is easy: Yes. Your machine is light and portable and is frequently out and about, and could be picked up and carried off without much trouble. Then someone else has all your data. Whether or not you use a login ID and password is meaningless. That is not data protection. Neither are the password options in MS Office to "protect" files.

What if you use a desktop computer that you don't take on the subway with you? I suppose it depends on personal comfort levels, how many other people can physically access that computer, who those people are, if the computer is on a network/the Internet, etc. There are a lot of considerations, but I lean towards Yes in all cases. Better safe than sorry, and all that.

So how can you protect your sensitive data?

Encryption. It's easy and free.

En-what?

Encryption. It takes the contents of your files and jumbles them up using complicated mathematical algorithms. The best kind of encryption requires complex keys in addition to passwords to provide nearly unbeatable protection. I say "nearly unbeatable" because I don't know what kind of power the Gov't has these days, but for "normal" folk it would take a hundred years to break good encryption using the best computing equipment commercially available.

So how can you do it? There are options available. You can encrypt files, containers of files, or the entire hard disk.

For those laptop folks, I suggest encrypting the entire hard disk. This way if your laptop "walks off," it takes more than just putting the disk in another machine to read it. Your machine can only be useful if the disk is formatted and the existing data erased. It doesn't make your machine less prone to theft, but it does protect the data.

If you don't want or don't think you need to encrypt the entire hard drive, you can encrypt individual files, or create "containers" on the disk, the contents of which are encrypted. I prefer the container because all I need to remember is the one password to open the container, and not one password for each file.

My top two for encryption are Cypherix LE and TrueCrypt.

With Cypherix, you create a "vault" on the drive or USB memory stick, etc. This vault is mounted like a disk drive and you now have on-the-fly drag-and-drop encryption. Just take that file, drag it to your vault, and drop it in there. As soon as you unload the vault, it is as good as gone. Cypherix also allows you to create encrypted emails in a simple manner. Basically an encrypted self-extracting file is created and attached to the email. No one can read the contents without the password. There is a 25Mb size restriction on your vault, so if you have a lot of data, you may need to make multiple vaults on your media.

TrueCrypt is a much more complex, much more comprehensive product. It offers the same container-style operation as Cypherix, but will also do complete hard disk encryption, hidden volumes, and even hidden operating systems. Just reading the documentation is fascinating... OK, maybe just for nerdy types. If you are a laptop user or desire an offering with more options, TrueCrypt may be the one to look at.

And lastly...do not go through the trouble of encrypting your data and then write the password down somewhere. That defeats the whole purpose. As a computer professional for 18 years, when I arrive to support a user and I hit a password challenge and the user is not there, the first thing I do is look under the keyboard. Then I read the sticky-notes on the monitor, then the ones on the vertical surfaces of the desk. I find a lot of passwords that way.

As always, feel free to leave comments and questions, or contact me at scott at schreibnet dot com for advice and/or help with encryption and any other issues.
