Securing data on your PC
This morning I spoke at a 4networking meeting in Leicester about securing data on your PC. This post expands on that a bit and includes links to relevant websites to flesh it out a bit.
Over recent years we’ve heard of people (mostly government!) leaving laptops on trains, in taxis or in pubs. Laptops with important and sensitive information on them.
This morning I saw an article called “Microsoft Plotting Death Of Desktop With Windows 8“. It seems from this and other sources that Microsoft are expecting us to move more and more to the use of mobile computing and will be extending Windows to support iPad type devices.
So here are some thoughts on how to keep your data secure. These will work now on your laptop or office PC.
- Windows password. PCs come pre-installed with Windows these days. There’s a simple setup that is run first time you use the PC. One of the things it does is to create a user account for you, but often it doesn’t create a password. When you boot the computer, it goes straight into the account. The risk – anyone who gets hold of your PC can access everything on the computer immediately. So create a password. This is easily done – Google “Create user password Windows” to find out how to do this for the various different flavours of Windows. Ideally, you should define a strong password – at least 12 characters and returning zero results when searched in Google. I have to admit to using less characters than that as I couldn’t remember them all!
- Encrypt your files. This stops someone removing the disk from your computer, linking it into another one and just reading everything off it. Windows XP Pro, Vista Ultimate & Enterprise and Windows 7 Ultimate have built in file & disk encryption (BitLocker or EFS (Encrypting File System)) – Google “encrypt data Bitlocker” or “encrypt data EFS” to see how to use them. If you’re running any other version of windows get something like TrueCrypt. Note – I’ve looked at TrueCrypt but never used it in anger so check it out carefully on data you don’t mind losing.
- Disable autorun. Removable media (CD, DVD, USB drives) can contain programs that automatically run when inserted – we’ve all seen it when installing software from CD. Great when setting up a system in the first place and installing loads of software, but later on if someone else puts a CD or whatever into your computer when you’re not looking, they could infect your computer with a Trojan that’ll read everything you’ve got and transmit it over the Internet, or log all your key presses and get your bank account passwords, etc. This Microsoft article shows how to do it, including fixing a bug or you can Google “disable autorun“
- Enable Microsoft update to download and automatically install security patches – Microsoft article. In past times, people were rightly sceptical of allowing this action, but now it’s fine. Microsoft issue security updates monthly. Also, once in a while, do a manual check of Microsoft Update and check and haul down the optional updates – especially new drivers. To do this click on the “Start” button and select “Windows Update” or “Microsoft Update”
- Get firewall and anti-virus software. Windows has built in firewall software – personally I think it’s not that good but it’s better than nothing. There are a number of free firewall/AV packages around, but remember they may only be worth what you pay for them. I’d also recommend avoiding Norton/Symantec, I’ve met many IT support people who hate it. We’ve used McAfee for years and never been hacked or infected by viruses or trojans. Although their technical support isn’t fantastic and when new versions of the software come out, sometimes there’s problems, once these are sorted it runs flawlessly. Don’t just rely on your router firewall either – that’ll stop people trying to push a Trojan onto your computer, but won’t stop any that are attached to an email or come in from some other source. It also won’t check what’s programs on your computer are trying to connect to the Internet, whereas software firewalls can be configured to ask you whether to allow a program to access the Internet. McAfee will also check with you if a previously allowed program has changed – often this is OK because you’ve upgraded the program, but it may be that something has infected it or is masquerading as a known program.
- Don’t use software from untrusted sources. Trusted sources include original CDs from software suppliers, their websites and recognised & trusted software repositories (e.g. download.com, tucows). Other software repositories and copied CDs should be considered unsafe.
- Be the only user on your PC. You can create multiple accounts if you need. There are occasions where PCs need to be shared – e.g. laptops for presentations. In these cases, just don’t put anything you don’t want the whole world to know about on it.
- Secure your computer when you leave it. You can configure a screen saver to require a password when it’s been activated, but that is a real pain in the neck. For it to be any use, the screen saver needs to kick in within 30 seconds of no activity. I’ve been trying out Predator, a free bit of software that works in conjunction of a USB memory stick. Remove the stick and the PC locks. Put the stick back in and it asks for a password. There’s a free version (we like free) and a paid version with some nifty features like email, sms & twitter alerts if someone tries to access the computer. It seems to work well, and has had good reviews. If I come across any problems, I’ll let you know.
If you’re really paranoid you can get into password managers, etc. where you carry all your passwords, encrypted, on a memory stick, or into biometric stuff, but that’s way beyond what most people need.
Ok, all this lot will help prevent other people accessing your data. But there are other things that can go wrong.
A couple of years ago Kroll Ontrack – one of the world’s largest data recovery companies – listed some of the more common & unusual ways people had lost data off their computers
The unusual included a man getting so fed up with his PC that he shot it with a shotgun, a laptop falling out of a fishing boat and a company accountant dropping his laptop into his bath. The more usual ones included spilling drinks on the laptop, driving off with one on the top of the car and laptop bursting in to flames.
I have a client who had their PC stolen and another who’s laptop wound up in Hong Kong when it was supposed to be in Singapore with him.
This brings me on to the subject of backups – yawn
There’s a number of ways of doing this, depending on the data you’re backing up.
- Software distribution CDs & DVDs. You’ve probably invested a lot of money in buying software – whether that’s Office, accounts software, Adobe Creative Suite, CAD or other design software. Copy these to CD or DVD. Keep the copies in your office and get the originals off site – either to home or, if you work at home, round to a friend’s house.
- Rarely changing data, or data where you are only adding file to – e.g. photos. Copy to DVD or external hard drive – twice. Keep one copy off site. Recopy it all when there are changes or every 3-6 months, whichever comes first.
- Regularly changing data – e.g. accounts, Word docs, etc. Backup daily. Use a fully automated system so you don’t forget. Cloud backup is probably the best as it gets the data offsite immediately the backup is complete. Failing that use some backup software to back up to external or NAS drive. Then take it off site.
- For very large amounts of data, tape is still being used. It’s falling out of favour because of reliability issues and someone has to remember to change the tapes and take them offsite. We’re still using it on one test machine where we’re regularly re-installing & re-configuring Windows – it’s marginally faster and required less intervention once started.
Once in a while – perhaps monthly or more frequently – make sure you can recover the data from your backup. I have one client who was backing everything on to CD once a week and on the 2 occasions that they needed to recover something, the data wasn’t there. They ditched that and moved to our cloud backup service, which backed up every day, freed up 4 hours of the office manager’s time and it worked for them.
Incidentally, there’s evidence to suggest that the lifetime for CDs and DVDs isn’t what it was expected to be. It would be worth re-duplicating all your CDs & DVDs at least once a year.