Privacy

What are Best Practices for Data Security?


Data security relies on defense-in-depth, so there are many parts to a best-in-class data security program. But what is sufficient in one industry may be criminally negligent in another.

Adopt the practices below to reach at least the minimum data security level your industry expects, then build up from there.

1. Data Governance

Data governance is data management 101. Information is classified into buckets based on its sensitivity and the legal requirements that apply to it, and each bucket gets handling rules: who may access it, where it may be stored, how long it is kept. To limit the damage from leaked credentials, follow least privilege: users get access only to the data they need to do their job, and nothing more.

2. Secure Privileged Access Management

Privileged Access Management (PAM) is integral to a data security strategy. PAM controls, vaults and audits the accounts with elevated rights (administrators, service accounts, database owners) so that sensitive data and intellectual property are reachable only by those who absolutely require them, ideally through time-limited, approved elevation rather than standing access. With a sound PAM strategy, an attacker who breaches one IT boundary still cannot reach every type of sensitive data. This is an especially important control for highly regulated industries such as healthcare.
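As an added illustration (example code written for this page, not part of the original post or any vendor's product), here is a small Python policy check that puts the two ideas above together: data is classified into sensitivity buckets, each role has a default clearance, and the most sensitive bucket is reachable only through an explicit, time-limited grant of the kind a PAM system would broker. The bucket names, teams, ticket format and sample users are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import IntEnum


class Sensitivity(IntEnum):
    """Governance buckets, ordered from least to most sensitive."""
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    RESTRICTED = 3


@dataclass(frozen=True)
class Dataset:
    name: str
    sensitivity: Sensitivity
    owner_team: str


@dataclass(frozen=True)
class Grant:
    """A PAM-style, time-boxed elevation to one named dataset (hypothetical model)."""
    dataset: str
    expires_at: datetime
    ticket: str  # approval reference kept for the audit trail


@dataclass(frozen=True)
class Principal:
    user: str
    team: str
    clearance: Sensitivity  # highest bucket the role may read by default
    grants: tuple = ()      # explicit elevations; none unless approved


def can_read(p, ds, now):
    """Deny by default and return (allowed, reason) so every decision is auditable."""
    if ds.sensitivity == Sensitivity.PUBLIC:
        return True, "public data"
    if ds.sensitivity == Sensitivity.RESTRICTED:
        # Standing role clearance never reaches RESTRICTED data: it needs a live,
        # dataset-specific grant, i.e. just-in-time privileged access.
        for g in p.grants:
            if g.dataset == ds.name and g.expires_at > now:
                return True, "grant %s valid until %s" % (g.ticket, g.expires_at.isoformat())
        return False, "restricted data requires an unexpired grant"
    if p.clearance < ds.sensitivity:
        return False, "clearance %s is below %s" % (p.clearance.name, ds.sensitivity.name)
    if ds.sensitivity == Sensitivity.CONFIDENTIAL and p.team != ds.owner_team:
        return False, "confidential data is limited to the owning team"
    return True, "within role clearance"


# Constructed sample principals and datasets; not taken from any real organisation.
NOW = datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc)
LATER = NOW + timedelta(hours=3)  # after the grant below has expired
DATASETS = {
    "pricing-sheet": Dataset("pricing-sheet", Sensitivity.INTERNAL, "sales"),
    "customer-pii": Dataset("customer-pii", Sensitivity.CONFIDENTIAL, "support"),
    "hr-salaries": Dataset("hr-salaries", Sensitivity.RESTRICTED, "hr"),
}
ANALYST = Principal("alice", "sales", Sensitivity.CONFIDENTIAL)
DBA = Principal("bob", "platform", Sensitivity.CONFIDENTIAL,
                grants=(Grant("hr-salaries", NOW + timedelta(hours=2), "CHG-1042"),))


def example_decisions():
    """Map of (user, dataset, when) to the access decision for the sample cases."""
    return {
        ("alice", "pricing-sheet", "now"): can_read(ANALYST, DATASETS["pricing-sheet"], NOW)[0],
        ("alice", "customer-pii", "now"): can_read(ANALYST, DATASETS["customer-pii"], NOW)[0],
        ("alice", "hr-salaries", "now"): can_read(ANALYST, DATASETS["hr-salaries"], NOW)[0],
        ("bob", "hr-salaries", "now"): can_read(DBA, DATASETS["hr-salaries"], NOW)[0],
        ("bob", "hr-salaries", "later"): can_read(DBA, DATASETS["hr-salaries"], LATER)[0],
    }


if __name__ == "__main__":
    for key, allowed in example_decisions().items():
        print(key, "ALLOW" if allowed else "DENY")
```

The function returns a reason with every decision; log that alongside the user and dataset so access can be audited, and so grants that have expired (or never did) show up in periodic access reviews.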

3. Encryption

Encryption protects data in transit against man-in-the-middle attacks and makes stored data useless to an attacker who obtains the raw files or disks without the key. Never store sensitive data in plain text, and never enter login credentials on a website that does not serve the page over HTTPS (TLS). Encryption is only as strong as its key management: a key stored next to the data it protects, or a password kept in a fast unsalted hash, defeats the purpose.

4. Education

Teach staff how to recognize common cyber threats so that they become a human firewall. Some of the most common threats staff should be able to spot include:

  • Phishing attacks
  • Email spoofing
  • Domain hijacking
  • Ransomware attacks
  • Other forms of malware
  • Social engineering attacks

Beyond recognizing attacks, staff should be trained in basic hygiene: avoiding untrusted public Wi-Fi (or using a VPN on it), the basics of OPSEC and network security, and reporting anything suspicious promptly. Attacks are growing in sophistication, so relying solely on antivirus software to stop malware is no longer acceptable. Cybersecurity training needs to become a standard part of staff onboarding, with periodic refreshers.

5. Data Security Testing

Test your organization's data security with simulated spear-phishing campaigns and USB drops around the office, and track the results over time. It is far easier to prevent a data breach than to rely on digital forensics and IP attribution to reconstruct what happened after one. Once exposed, data can easily end up for sale on the dark web, as many of the biggest data breaches have shown.

6. Incident Response Plan

When your security is compromised, the last thing your organization and your customers need is panic. An incident response plan limits the amount of data exposed and lays out clear next steps: who decides, who communicates, how to contain the attack vector and how to recover lost data. A plan that has never been rehearsed is only a document, so exercise it.

7. Regular Data Backups

Ransomware attacks on on-premises data centers, or simple accidental deletion, can devastate business continuity. Regular backups avoid this, provided at least one copy is kept offline or immutable (ransomware deliberately seeks out reachable backups) and restores are tested. A Data Loss Prevention (DLP) program complements backups by addressing the other failure mode, data leaving the organization.
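A backup you have never verified is a hope, not a control. The Python below is an added example for this page (not the original author's code): it copies a directory tree, records a SHA-256 digest of every file in a manifest, and then re-checks the copy so that silent corruption, or a backup that ransomware has already encrypted in place, is caught before you need it. The directory layout and file contents are constructed for the demonstration.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_of(path):
    """Stream a file through SHA-256 so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def backup(src, dst):
    """Copy every file under src into dst and write MANIFEST.json with each file's digest."""
    src, dst = Path(src), Path(dst)
    dst.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for path in sorted(p for p in src.rglob("*") if p.is_file()):
        rel = path.relative_to(src).as_posix()
        target = dst / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)
        manifest[rel] = sha256_of(path)  # digest of the source, not of the copy
    (dst / "MANIFEST.json").write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return manifest


def verify(dst):
    """Re-hash every file named in the manifest; return a list of problems (empty = good)."""
    dst = Path(dst)
    manifest = json.loads((dst / "MANIFEST.json").read_text())
    problems = []
    for rel, expected in manifest.items():
        path = dst / rel
        if not path.is_file():
            problems.append("missing: " + rel)
        elif sha256_of(path) != expected:
            problems.append("altered: " + rel)
    return problems


def demo():
    """Back up a constructed directory, verify it, then corrupt one copy and verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp) / "live", Path(tmp) / "backup"
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "contract.txt").write_text("constructed sample contract\n")
        (src / "notes.txt").write_text("constructed sample notes\n")
        manifest = backup(src, dst)
        clean = verify(dst)
        # Simulate what ransomware leaves behind: the file exists but its bytes changed.
        (dst / "notes.txt").write_bytes(b"\x00\xffencrypted-garbage")
        tampered = verify(dst)
        return len(manifest), clean, tampered


if __name__ == "__main__":
    print(demo())  # (2, [], ['altered: notes.txt'])
```

Keep a copy of the manifest somewhere the backup job cannot write (an attacker who can alter the backup can also rewrite a manifest stored next to it), and run the verification on a schedule, not just at backup time.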

8. Secure Deletion

Do not hoard data that is no longer in use, including physical records such as folders and paper documents; data you no longer hold cannot be breached. At the same time, comply with the industry guidelines or regulations that dictate how long you must retain certain records, and when you do delete, do it irreversibly: shredding for paper, cryptographic erasure or certified wiping for storage media.

9. Third-Party and Fourth-Party Vendor Monitoring

Data breaches are often caused by poor security practices at third-party vendors, and at the fourth parties those vendors in turn rely on, so you need to monitor and rate your vendors' security performance. An ideal solution includes real-time automation that flags security posture lapses so that changes in your extended attack surface are addressed quickly. According to the latest data breach report by IBM and the Ponemon Institute, security automation could reduce data breach costs by up to 80%.

10. Accidental Data Exposures and Leaked Credentials Monitoring

Data isn't always exposed on purpose: misconfigured storage buckets, credentials committed to source repositories and secrets pasted into tickets are all common. Continuously monitor your own systems, public code repositories and paste sites for accidental data exposures and leaked credentials, and rotate anything you find.
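A minimal version of the leaked-credential monitoring described above, as an added example rather than anything from the original article: a Python scanner that runs a handful of regular expressions over text (a config file, a commit diff, a ticket body), skips obvious placeholders and low-entropy values to cut false positives, and reports only a redacted preview so the scanner's own output does not become a second leak. The AWS key shape and the `ghp_` GitHub token shape are the documented public formats; the generic password pattern and the entropy threshold are heuristics chosen for the example, and the sample config is constructed (its AWS key is Amazon's published example key).

```python
import math
import re
from collections import Counter

# Credential shapes to look for. The AWS and GitHub patterns follow the publicly
# documented formats; the other two are generic heuristics.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"),
    "password_assignment": re.compile(
        r"""(?i)(?:password|passwd|pwd|secret)\s*[:=]\s*['"]?([^\s'"]{8,})"""),
}

# Values that are clearly not real secrets; extend from your own false positives.
PLACEHOLDERS = {"changeme", "password", "example", "xxxxxxxx", "<redacted>"}
MIN_ENTROPY_BITS = 3.5  # heuristic threshold chosen for this example


def shannon_entropy(s):
    """Bits of entropy per character; repeated characters score near zero."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(value):
    """Keep just enough to identify which secret leaked, never the whole value."""
    return value[:4] + "..." + value[-2:] if len(value) > 8 else "***"


def scan(text, source="<input>"):
    """Return a list of findings (source, line, type, redacted preview) for text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, rx in PATTERNS.items():
            for m in rx.finditer(line):
                value = m.group(1) if m.groups() else m.group(0)
                if kind == "password_assignment":
                    # The generic pattern is noisy: drop placeholders and values
                    # with little randomness (for example "aaaaaaaa").
                    if value.lower() in PLACEHOLDERS or shannon_entropy(value) < MIN_ENTROPY_BITS:
                        continue
                findings.append({"source": source, "line": lineno,
                                 "type": kind, "preview": redact(value)})
    return findings


# Constructed sample config. The AWS key is Amazon's documented example key and the
# GitHub token is a made-up string of the right shape; neither is a live credential.
SAMPLE = """\
# constructed sample config for the scanner demo
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
db_password = changeme
github_token = ghp_0123456789abcdefghijABCDEFGHIJ012345
api_secret = "q7Vx2pL9mR4tZ8wK1nB6yH3jF5sD0aG2"
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA...
"""


if __name__ == "__main__":
    for f in scan(SAMPLE, "constructed.ini"):
        print("%(source)s:%(line)d %(type)s %(preview)s" % f)
```

Run it over every commit before it reaches a shared branch (a pre-commit or CI hook) and over the places people paste things; when a finding is real, rotating the credential matters more than deleting the text, because anything pushed to a public repository should be assumed copied.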

How to Store Data Securely on a USB Flash Drive


Avoid storing confidential information on a USB flash drive at all, and choose more controlled storage where you can. The compact size that makes flash drives convenient to carry also makes them easy to lose or steal, and a lost drive means data loss, leaks and breaches, with the financial and reputational damage that follows.

If you must use a flash drive, follow these seven tips to secure your data.

1. Buy an Encrypted USB Drive.

Encryption keeps data readable only to holders of the decryption key. When buying a flash drive, choose one with AES-256 hardware encryption, the standard choice for this purpose (vendors often market it as "military-grade", which means nothing beyond that).

Other features to look for in an encrypted USB flash drive include:

  • Tamper-proof protection
  • Anti-virus scanning
  • Brute-force protection
  • Password protection
  • TAA (Trade Agreements Act) compliance, if you work with the US government
  • Remote management capabilities
  • FIPS 140-2 Level 3 validation (or its successor, FIPS 140-3)
  • Support for regulatory requirements such as HIPAA, SOX and GLBA

2. Use USB Encryption Software.

Windows users can encrypt a flash drive with BitLocker (BitLocker To Go) instead of buying a hardware-encrypted drive. Hardware encryption generally provides better protection: the key and the brute-force lockout live on the drive itself, so the data stays protected even when the drive is plugged into an untrusted machine, whereas software encryption depends on the host being trustworthy. That advantage only holds if the drive's implementation is sound, which is what the FIPS validation above is for.

Microsoft’s instructions for enabling BitLocker are available below:

View instructions for enabling BitLocker in Windows 10
View instructions for enabling BitLocker in Windows 11

3. Have a Backup

If your flash drive is lost, stolen or damaged, the data on it may be gone for good. Even if a lost or stolen drive is returned, do not use it again: it could have had ransomware or other malware planted on it. The only reliable way to recover the data is a backup of every file in another location, such as cloud storage or an encrypted company share.

4. Delete Data After Use.

Once you have saved, edited and transferred your data from the USB stick, delete it from the stick immediately, then unplug the drive and store it securely so it cannot be lost or stolen. Bear in mind that on flash media an ordinary delete only removes the directory entry, and wear levelling makes overwriting unreliable, so the real protection is that the drive was encrypted in the first place: data deleted from an encrypted drive is unreadable without the key.

5. Install Anti-Virus Protection

New malware appears daily, so keep your antivirus engine and signatures current. Use antivirus software that scans every endpoint and every medium it touches, including hard drives, USB devices and SD cards, because an infection on one can spread to the others. Disable AutoPlay/autorun for removable media so that merely plugging in a drive cannot execute anything.

6. Keep Software Up to Date

Exploits for known but unpatched vulnerabilities are one of the most common attack vectors and can have devastating consequences: attackers can read, alter and steal data from vulnerable systems and devices, including USB storage. Installing updates as soon as they are released closes these holes. A true zero-day, by definition, has no patch yet, which is why the other controls on this list still matter. Most operating systems, including Windows, macOS, iOS and Linux distributions, offer automatic updates.

7. Use Alternative Storage Methods

If you take your data security seriously, flash drives are rarely the best answer. Even the most secure USB drives lack the controls that modern storage methods such as cloud storage can offer. Cloud services support security models such as Secure Access Service Edge (SASE), which combines firewalls, cloud access security brokers (CASBs), secure web gateways (SWGs) and zero-trust network access (ZTNA), along with Cloud Security Posture Management (CSPM) and Cloud Infrastructure Entitlement Management (CIEM).

Despite their strong security capabilities, like all third-party vendors, cloud services carry third-party risks and other risks specific to their functionality. Organizations and individuals must conduct due diligence to ensure their cloud providers are following appropriate data security requirements.

What is a Seedbox?


A seedbox is a dedicated, high-speed server for downloading and uploading files. Most people rent seedboxes for very fast torrent or Usenet transfers. Typically, a seedbox offers anything from 100 Mbps (12.5 MB/s) to 10 Gbps (1250 MB/s).

A seedbox also lets you avoid ISP throttling and keeps your home IP address out of torrent swarms watched by monitoring groups such as the RIAA or MPAA.

Today there are many seedbox providers, most run by individuals or small companies. The providers listed below have some of the best feedback from customers.

How To Use A Seedbox

Generally, seedboxes are set up so that you can install Usenet and torrent applications quite easily.

Once files are on the seedbox, you download them to your computer over HTTP, FTP, SFTP or rsync. Prefer SFTP or rsync over SSH: plain FTP and HTTP send your credentials and the files themselves in the clear. You can also stream media directly from the seedbox with an application such as Plex.

Some providers, particularly on Windows-based plans, offer VNC or Remote Desktop (RDP) access, which lets you run many popular desktop clients remotely. Do not leave VNC or RDP exposed directly to the internet; reach it through the provider's VPN or an SSH tunnel.

Seedbox Providers

These are my recommended seedbox providers:

  • RapidSeedbox offers root access and many apps available as "one click installs", including Plex and OpenVPN. Accepts Bitcoin; 14-day refund policy. €15 (about $18 USD) month to month.
  • DediSeedbox also offers OpenVPN and Plex as "one click" installs, with root access to your own VPS. Good disk space allowances (1 TB on the $15 per month plan).

No Social Media, No Cellular Data


As we confront the onset of 2020 with the force of a charging bull, it feels apt to formally document my New Year’s Resolutions for this year.

I’ve distilled my aspirations into two, but they carry a significant weight.

Truthfully, these transformative changes have been simmering in my thoughts for several months, if not years. Both are centered around refining how I interact with computers, enhancing my overall quality of life and happiness.

The essence of computing should enrich our lives, improve them, and elevate our happiness. If any aspect of the technological landscape—hardware, software, services, or features—contributes to discomfort, perhaps it’s time to contemplate letting it go.

My inaugural Resolution for 2020 is a seemingly simple yet essential shift that I’ve passionately advocated for throughout my journey, as followers of my timeline may already be aware.

No More Social Media.


Indeed, I am resolving to eliminate social media from my life entirely. This encompasses platforms such as X, Facebook, LinkedIn, Reddit, YouTube, and their equivalents. No more engaging in posting, reading, liking, commenting, or re-sharing content on any of these services or their analogs. While I’ll maintain the accounts to prevent impersonation, they will be closed off from active use.

I am convinced that the concept of Social Media is inherently flawed. This realization has been percolating in my mind for quite some time. Regrettably, I found myself succumbing to the addictive nature of these platforms, only to conclude that they do not contribute a net positive impact on my life, both personally and publicly.

Tried to quit social media in 2019. I failed.

In 2020, I’m embarking on another attempt at redefining my online presence. While I bid farewell to Social Media, I must note that my departure from these platforms doesn’t equate to a complete disconnection from the digital realm (yes, I still hyphenate that word). I will maintain accessibility through e-mail, both the traditional Internet version.

Anticipating a spectrum of reactions, some will assert, “Impossible!” while others will confidently declare, “So easy! I already do that!” There might even be a handful lurking in the corners of the globe, crafting random mean or snarky remarks on X. The beauty of it all? I won’t be privy to any of it. So, feel free to snark away — it’s all good from my perspective.

Honestly, I’m guessing I won’t be the only one with such a resolution for 2020… here’s hoping we all succeed.

No More Cellular Data Service.

As my second New Year’s Resolution, I’m taking a decisive step by discontinuing cellular data. This means bidding farewell to smartphones equipped with ever-present Internet connections, be it an iPhone with 4G, an Android phone with 5G, or even a Linux-oriented phone boasting a speculative 17G connection (or whatever G designation they decide on by the close of 2020).

I find modern smartphones’ “always connected” nature to be stress-inducing and negatively impacting my quality of life. While there are certainly some benefits… the negative aspects of being constantly connected are simply too strong. I’ll still let myself have a phone. But my phone… will just be a phone. When I’m walking around town, I have no Internet connection. I’ll be offline without sitting at my computer (“In the real world”).

Maybe I’ll have two devices: one PDA (I’m bringing that acronym back) and one phone. Perhaps I’ll settle on a single PDA-Phone (just without any 2G/3G/4G/5G/whatever connection). I haven’t decided on that part yet.

Thus far, things have gone relatively smoothly. Over the coming days, I’ll keep my smartphone turned off and see if any problems crop up. I’m sure there will be some inconveniences — we’ve all gotten so used to smartphones with always-on data connections — but I am anticipating, based on how it has gone so far, an overall positive experience leading up to January 1st.

Does anyone expect to be on their deathbeds and have their final thought be, “Darn, wish I would have liked a few more things on X?” Or, “I wish I would have spent more time surfing the web on my cell phone while at dinner with my family?”

Will these changes positively impact my life and overall happiness (which is already pretty high, but why not shoot for even better)? Will any inconveniences crop up that are insurmountable? Will I experience gains (or losses) in productivity?