Data Security

Best practices to minimize your risk

June 1, 2018

Dispatches, by Nicole Hennig

One of the most important things you can do to protect your data is to safely back it up on a regular basis. If you’re like many people, you either don’t have backups at all, don’t have recent backups, or don’t have all of your devices and data backed up. Having both local backups and cloud backups will protect against data loss.

Some examples of cloud backup services are Backblaze, iDrive, Carbonite, and SpiderOak One. They are designed to routinely back up all your computer files to an encrypted remote location, with easy ways to restore them in case your computer is lost, stolen, has a virus, or is otherwise destroyed. They usually provide a way to “set it and forget it,” with an app that you set up once and that runs silently in the background. These services usually have a reasonable monthly or annual fee.

Even if you keep most of your important files in a service like Dropbox, it’s still a good idea to have a dedicated backup service like Backblaze because it will handle complete backups automatically and make it easy to restore files quickly. Sync services like Dropbox or OneDrive are excellent for keeping files in sync between mobile and desktop computers, but they don’t usually offer the option of a private encryption key for your most sensitive files. In addition, they don’t keep previous versions of files, and they don’t back up everything—only files you put in a special location on your computer.

Your password is only as secure as the least secure site where you used it.

One thing that most people don’t think about when they use public Wi-Fi hotspots is how easy it is for their internet traffic to be viewed by hackers. For example, if you are in a coffee shop or airport with free Wi-Fi, it’s possible for people to set up technology that grabs your traffic and analyzes it without your knowledge. They often look for usernames and passwords for services they could benefit from accessing.

Another useful tool that can help protect you is a browser extension called HTTPS Everywhere. You can install it in Chrome, Firefox, and Opera browsers, and it will force the use of HTTPS on all pages where it can be used. Websites must enable that use, and not every website does, so this isn’t a complete solution.

An even better solution is to use a VPN when on public Wi-Fi. VPN stands for “virtual private network.” It’s software that encrypts the connection between your computer and the internet, using something called a “secure tunnel.” All of your traffic flows through that tunnel and can’t be accessed by eavesdroppers. It’s worth using a paid VPN solution to get a quality product that works well and doesn’t slow down your computer. My favorite VPN service is ExpressVPN. It’s available for many platforms, uses very strong encryption, and it doesn’t keep logs of the sites you visit.

Using the same password everywhere (or in a few of the same places) is a bad idea. That’s because your password is only as secure as the least secure site where you used it. If a particular site gets breached and hackers steal the usernames and passwords, the first thing they will do is attempt to use those same credentials on other sites, like banks, Amazon, PayPal, or other sites where they can benefit financially.

Using a password manager like 1Password by AgileBits can help. A password manager is an encrypted database that securely stores all of your passwords. You need to remember only one master password to unlock the app. Your master password is never transmitted over the internet, so it’s unlikely to be compromised. Typically, password managers can generate secure, hard-to-crack passwords for you and provide browser plug-ins that will autotype the password into login pages so you never need to remember them. There are quite a few options when it comes to choosing a password manager. A recent review from Wirecutter recommends LastPass (a free option) as well as 1Password.

Taking these measures will make it more difficult for your data to be stolen or hacked.



New Trends in Library Security

From religious rights issues to vaping to ransomware, how to address emerging safety concerns at your facility

Your files have been encrypted

When Ransomware Attacks

How three libraries handled cyberextortion