
Some tips on data security

I am putting together some tips on data security.  This is not the most airtight security setup, but it is good enough to protect against basic security threats, and the steps are relatively simple to set up.

Photo credit: Pixabay


Strong Password
I will not elaborate on this, as there are plenty of articles out there on the topic.  My rule of thumb is that the password is at least eight characters, with a combination of letters, numbers, and special characters.  I also suggest not using the same password for all logins.  For example, don't use the same password for your Hotmail account, Skype and company online system, so that they don't all get compromised just because one does.

Google Apps (Google Suite)
We run a lot of our software as SaaS (Software as a Service), and most of it integrates with Google Apps authentication for single sign-on.  This means that if someone gains access to my Google Apps login, he will gain access to a lot of my company data.  I enabled "2-step verification" on my Google Apps account and installed Google Authenticator on my BlackBerry.  What happens now is that whenever I log in to Google Apps from a new device, it requires my password and also a 6-digit PIN generated by Google Authenticator.  I can choose to save it on the device for 30 days (and I will have to re-enter the PIN after that).

Since the PIN is time sensitive, you need to make sure the timezone setting on your phone and Google Apps is the same, and more importantly that the time is not off by too much (this was the first issue I encountered when setting this up).

Another challenge is setting up all the applications that integrate with Google Apps, like your Calendar, Address Book and E-mail apps on iPhone, iPad and BlackBerry, and even Google Chrome Sync, since your password is no longer the real password without the PIN.  You will need to manage all these passwords here; you can generate a different password for each app (this is recommended instead of using one password for all apps, in case you need to revoke the access of one particular app).  So far, I have only needed to generate a password once for every app; the only time I need to regenerate one is when I reinstall my device OS or wipe the configuration.

The good thing about this is that I can now log in to my Google Apps account on a public computer (in a cyber cafe, a hotel's computer, an airport computer, etc.) if I really need to.  I just need to make sure that I don't check "Remember this computer for 30 days" when entering the PIN generated by my mobile phone, and that I log out when I'm done.
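To illustrate why the phone's clock matters for the 6-digit PIN, here is an added example (not from the original post) of the standard time-based one-time password algorithm, RFC 6238, which Google Authenticator implements. The secret and timestamps are RFC test values, and the one-step acceptance window on the server side is an assumption, not Google's documented setting.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid for
DIGITS = 6   # length of the PIN shown on the phone


def totp(secret: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 code for a given Unix time (seconds since 1970 UTC)."""
    counter = int(unix_time) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, code: str, server_time: int, window: int = 1) -> bool:
    """Accept the code for the current step or `window` steps either side (assumed policy)."""
    for drift in range(-window, window + 1):
        expected = totp(secret, server_time + drift * STEP)
        if hmac.compare_digest(expected, code):
            return True
    return False


def login_succeeds(secret: bytes, server_time: int, phone_skew: int) -> bool:
    """Simulate a phone whose clock is `phone_skew` seconds off the server's."""
    return verify(secret, totp(secret, server_time + phone_skew), server_time)


if __name__ == "__main__":
    secret = b"12345678901234567890"   # RFC 6238 test secret, not a real key
    now = 1111111109                   # RFC 6238 test timestamp
    print("code at server time:", totp(secret, now))
    for skew in (0, 20, -30, 300, 3600):
        print(f"phone off by {skew:>5}s -> accepted: {login_succeeds(secret, now, skew)}")
```

The code is derived from absolute Unix time, so a phone whose wall clock was set by hand under the wrong timezone ends up whole hours off (the 3600-second case) and every PIN it shows is rejected.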

MacBook Pro
The first thing I did was to set myself to run as a "Standard User" under System Preferences > Users & Groups.  This setting prompts for admin credentials whenever I change any locked setting under System Preferences or whenever I want to install an app.  Besides that, here are some of the security settings under System Preferences > Security & Privacy that were not turned on by default:

  • Under General, set Require password immediately after sleep or screen saver begins.  Make it a practice that when you are away from the device (for a toilet or water break), you press Control-Shift-Eject to send the display to sleep, which locks it immediately.
  • Turn on FileVault and save the recovery key.  This encrypts the hard drive and makes it inaccessible without proper login credentials.  It prevents unauthorized people from accessing the data on the hard drive with external disk reader tools unless they have the recovery key.
  • Turn on Firewall and check Automatically allow signed software to receive incoming connections.  Generally, a firewall is good to have, and I don't see this firewall creating many problems during day-to-day usage.

Other Devices
Since I'm using a BlackBerry and an iPad to access some of the systems, I also make sure that each device is password protected and that the auto-lock time is set to the minimum.

Company laptop and the software needed


I'm a strong supporter of open-source, freeware and SaaS (Software as a Service).  We have recently switched half of our company's computers to MacBook Pro.  Here is a list of software that we installed (or did not install, if we are using SaaS) for common office tasks on all MacBook Pros.  Most of it works on Windows as well, since we were previously living in that world.

Photo credit: Toni Cuenca

Text document, Spreadsheet: OpenOffice (Free)
Presentation: Keynote (USD19.99).  We previously used OpenOffice for presentation.
E-mail, Calendar, Address Book: Google Apps (Free for 10 users)
Anti-Virus: None, however we do run as Standard User instead of Admin on our MacBook.  We previously used Avast on our Windows computers.

I am a strong advocate for Google Mail (part of Google Apps): I have used Microsoft Outlook/Outlook Express, Mozilla Thunderbird and some webmail solutions, but nothing comes close to Google Mail in terms of uptime and functionality (multi-tagging is one of the most amazing features).

Ever since I switched over to Google Mail a couple of years ago, I no longer need to download e-mails and attachments for five to ten minutes every morning.  I no longer need to constantly back up my e-mails, and I no longer need to delete some indexing files in Thunderbird or Outlook just to get the e-mails working again.  And of course, I no longer need to duplicate an e-mail just to fit it into two separate folders.  Not to mention, a search that really works!

Google Calendar was my first exposure to a shared calendar a couple of years back, and now I can't understand how I could have lived so long without it.  We also use it to reserve meeting rooms (by creating, for every meeting room, a calendar that automatically accepts an invitation if it is not busy, and inviting the corresponding calendar whenever a meeting room is needed).

Google Contact is the centralized repository of all my contacts.  Before the iOS/Android era, I was a strong supporter of Sony Ericsson and I synced all my contacts from my phone to my laptop using the software provided with the phone.  I took the pain a couple of years back to manually transfer all the contacts into Google Contact, and now I sync my BlackBerry, iPhone, iPad and MacBook Pro address books to Google Contact using Exchange.  Any update on any device updates the rest automatically over the internet via 3G/Edge/WiFi.  The reason for syncing the MacBook Pro address book is mainly for offline use and for other apps that work with the address book.



Integrating Dropbox into company's file system


Background
We need a file system to back up all our laptop data files in real time.  We also need a file system to share files among team members.  In a previous company, we set up a NAS (Network Attached Storage) and configured a backup script that automatically ran every morning to back up files from each laptop to the NAS.  We also set up shared folders on the NAS for file sharing.  The shortcoming of that file backup system is that it is not really real-time and it can only run when the laptop is connected to the office LAN (Local Area Network).  The shortcoming of that file sharing system is that we can only access the files when connected to the LAN, or via VPN (Virtual Private Network) when working remotely.

Challenges
Some of the policies that our company (a team of seven as of writing, and we don't intend to get bigger than 30) follows when adopting an IT solution are:
a) Minimal setup cost
b) Minimal, if not zero, hardware (disaster recovery and office mobility planning)
c) Minimal maintenance in the future

Solutions that We Adopted
File Backup
We subscribed all team members to the Dropbox Pro 50 monthly plan.  All team members downloaded and installed the Dropbox client on their laptops.  We then moved all the data into the Dropbox folder.  This solution works offline as well, since a copy of each file actually resides on the local drive (while a copy resides in the Cloud).  We get real-time backup since Dropbox syncs automatically (in real time) to the Cloud whenever we are online.  This solution also protects against accidental deletion of files, as we can always go to the Dropbox website and recover a deleted file (only within 30 days for the Pro 50 plan).

Added on 2012-05-19: I have recently subscribed to the Packrat feature at an additional USD3.99/month, and that gives additional backup beyond 30 days.

Results: We can now back up files automatically in real time, and it can be done anywhere in the world as long as we are online.

File Sharing
We created a folder called "Sharebox" and shared it among all team members.  Since the number of files can outgrow the local hard drive space (especially if we decide to upgrade to the Dropbox Team plan with 1TB of space), we decided to turn off syncing for "Sharebox" (via Dropbox > Preferences > Advanced > Selective Sync).  We use the Dropbox website to browse, download and upload files and folders.

Results: We can now share files among the team members from anywhere in the world as long as we are online.

UPDATE (2014-08-20): We have recently migrated from Dropbox to Google Drive mainly due to the attractive pricing of Google Drive (1TB for USD9.99 per month) and easier integration and user management with our Google Apps. 



Hello world!

I have always wanted to maintain a blog and finally get to actually do it. I am not sure if I'm a good writer, but I figured topics like business, photography, IT and life may not need fanciful words. A little bit about myself: I run a digital marketing agency and I have previously been involved in a few start-ups; some made it and some didn't, but I learnt and experienced different things from each and every one of them. By training, I am a programmer, hence the title of this post.

Photo credit: Pixabay
