
Some tips on data security

I am putting together some tips on data security.  This is not the most airtight security setup, but it is good enough to protect against basic security threats, and the tips are relatively simple to set up.



Strong Password
I will not elaborate on this, as there are plenty of articles out there on it.  My rule of thumb is that the password is at least eight characters, with a combination of letters, numbers, and special characters.  I also suggest not using the same password for all logins.  For example, don't use the same password for your Hotmail account, Skype and company online system, so that they don't all get compromised just because one does.

Google Apps (Google Suite)
We run a lot of our software as SaaS (Software as a Service), and most of it integrates with Google Apps authentication for single sign-on.  This means that if someone gains access to my Google Apps login, they will gain access to a lot of my company data.  I enabled "2-step verification" on my Google Apps account and installed Google Authenticator on my BlackBerry.  What happens now is that whenever I log in to Google Apps with a new device, it requires my password and also a 6-digit PIN generated by Google Authenticator.  I can choose to save it on the device for 30 days (and I will have to re-enter the PIN after that).  Since the PIN is time sensitive, you need to make sure the timezone setting on your phone and Google Apps is the same, and more importantly that the time is not off by too much (this was the first issue I encountered when setting this up).

Another challenge is setting up all the applications that integrate with Google Apps, like your Calendar, Address Book and E-mail apps on iPhone, iPad and BlackBerry, and even Google Chrome Sync, since your password is no longer the real password without the PIN.  You will need to manage all these passwords here; you can generate a different password for each app (it is recommended to do so instead of using one password for all apps, in case you need to revoke the access of one particular app).  So far, I have only needed to generate a password once for every app; the only time I need to re-generate one is when I reinstall my device OS or wipe out the configuration.

The good thing about this is that I can now log in to my Google Apps account on a public computer (in a cyber cafe, a hotel's computer, an airport computer, etc.) if I really need to.  I just need to make sure that I don't check "Remember this computer for 30 days" when entering the PIN generated by my mobile phone, and that I log out when I'm done.
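
To illustrate why the phone's clock matters for the 6-digit PIN, the following Python sketch (an added example, not code from the original post or from Google) computes time-based codes as specified in RFC 6238, using the HMAC-SHA1, 30-second, 6-digit parameters that Google Authenticator uses, and checks them against a server clock. The secret, the timestamps and the one-step acceptance window are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

STEP = 30     # seconds each code is valid for (RFC 6238 default)
DIGITS = 6    # the 6-digit PIN described in the post


def totp(secret: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: HOTP over the number of elapsed time steps."""
    counter = unix_time // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, code: str, server_time: int, window: int = 1) -> bool:
    """Accept a code from up to `window` steps before or after the server's clock.

    window=1 is an assumed tolerance, not a documented Google value.
    """
    for drift in range(-window, window + 1):
        candidate = totp(secret, server_time + drift * STEP)
        if hmac.compare_digest(candidate, code):  # constant-time comparison
            return True
    return False


def demo() -> dict:
    secret = b"12345678901234567890"  # RFC 6238 test secret, not a real key
    server_now = 1_700_000_000        # constructed server clock, Unix seconds (UTC)
    results = {}
    for label, skew in [("in sync", 0), ("20 s slow", -20), ("5 min fast", 300)]:
        phone_code = totp(secret, server_now + skew)  # code shown on the phone
        results[label] = verify(secret, phone_code, server_now)
    return results


if __name__ == "__main__":
    for label, accepted in demo().items():
        print(f"phone {label:>10}: {'accepted' if accepted else 'rejected'}")
```

A phone clock that is a few seconds off still lands inside the acceptance window, while one that is minutes off produces a code for a time step the server never checks.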

MacBook Pro
The first thing I did was to set myself to run as "Standard User" under System Preferences > Users & Groups.  This setting will prompt for admin credentials whenever I change any setting under System Preferences that is locked, or whenever I want to install an app.  Besides that, here are some of the security settings under System Preferences > Security & Privacy that were not turned on by default:

  • Under General, set Require password immediately after sleep or screen saver begins.  Make it a practice that when you are away from the device (for a toilet or water break), you press Control-Shift-Eject to send the display to sleep, which locks it immediately.
  • Turn on FileVault and save the recovery key.  This will encrypt the hard drive and make it inaccessible without proper login credentials.  It will prevent unauthorized persons from accessing the data inside the hard drive using external disk reader tools without the recovery key.
  • Turn on Firewall and check Automatically allow signed software to receive incoming connections.  Generally, a firewall is good to have, and I don't see this firewall creating many problems during day-to-day usage.

Other Devices
Since I'm using a BlackBerry and an iPad to access some of the systems, I also make sure that each device is password protected and that the auto-lock time is set to the minimum.
