“Mr. Coca Cola” -or- Hackers never sleep: Protecting Data at rest

Data at rest is stored data that isn’t currently being used or transferred.

For instance, at the Coca Cola factory: when Mr. Coca Cola sends all the “cola artists” (I’m assuming he calls them that) home for the evening, the secret recipe won’t be needed for at least another 8 hours.

Mr. Ebenezer Coca-Cola (artist’s rendering)

So of course, he just takes the piece of paper with the secret recipe on it, and sticks it to his personal office vending machine with a refrigerator magnet, and heads home to watch “Fired Up,” right? Wrong!

First, “Fired Up” went off the air years ago, lasted only two seasons, only aired briefly in syndication and is not available on Netflix. Not even star Sharon Lawrence has any copies. It’s gone gone.

Second, Mr. Coca Cola needs the secret recipe to remain a secret. During the day, he can personally add the ingredients for Coca Cola to the giant mixing vat located in earthquake-proof bedrock five miles below the factory floor. But at night. At night he needs to store the recipe safely, while it is Data at rest. That’s because a) it’s always night somewhere b) hackers never sleep.

So what he really does is quite simple: he encrypts the file that contains the recipe. Only Mr. Coca Cola and the President of the United States know the password to decrypt it. The recipe is safe until tomorrow morning.

The end.

Next time…protecting Data in motion.

Encryption: “♫ Doo-dot, deeyowwww, da-doo-daaa! ♫”

That’s what James Bond sings to himself as he walks down the street, or skis down a bobsled run as he’s being chased by henchmen on motorcycles with ridiculous spikes on their tires. Unless he’s listening to Astley.

Singing to himself in the face of mortal danger: that kind of confidence comes from years of training and discipline, and the knowledge that all of his secret spy files are safely encrypted.

Now you can enjoy that same level of confidence when you need to keep information safe. It’s called encryption, and it’s pretty simple to use, with a free program called 7-zip. If you want to learn how to do it, watch the slideshow below. You can come back here any time to get a refresher:

Cranium Control Panel: Protecting “Data in Use”

Sensitive data is arguably at its most vulnerable to hackers and looky-loos when it is in use by someone who needs to work with it to do their job.

“Aha! I see the problem. You got some water weed in your floatatronic propeller extrapolator!”

To work with encrypted data, you need to take it out of its encrypted “vault.” While it’s in that decrypted state, it is easier to steal or alter.

Here are a few simple things you can do when you’re working with sensitive information to help keep the data secure:

  1. If possible, save a version of the data that doesn’t contain the sensitive information, and work with that. If you only need to count the number of records, or do some other work with the data that doesn’t involve the sensitive portion of the info, you can, say, remove the sensitive columns of a spreadsheet and do a “save as…” of the file.
  2. Re-encrypt the data as soon as you’re done working with it. Don’t leave sensitive data in an unencrypted form when you’re not using it.
  3. Lock your computer when you’re away from it.
    1. Mac: CTRL + SHIFT + EJECT
    2. PC: Windows key + L
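
Step 1 above, sketched as an added example (not part of the original post): a Python script that writes a working copy of a CSV export with the sensitive columns removed, and refuses to run if a column name is misspelled or a row doesn't line up with the header. The column names and sample rows are constructed for illustration.

```python
import csv
import io

# Constructed sample export; names and values are made up for illustration.
SAMPLE_CSV = """Name,SSN,Date of Birth,City,Program
Ana Example,000-00-0001,1980-01-01,Springfield,Tutoring
Bo Sample,000-00-0002,1975-06-15,Shelbyville,Meals
Cy Placeholder,000-00-0003,1990-12-31,Springfield,Tutoring
"""

# Hypothetical list of columns this particular job does not need to see.
SENSITIVE = ["ssn", "date of birth"]


def strip_sensitive(src, dst, sensitive):
    """Copy CSV rows from src to dst without the sensitive columns.

    Returns the number of data rows written."""
    reader = csv.reader(src)
    header = next(reader)
    normalized = [h.strip().lower() for h in header]
    wanted = {s.strip().lower() for s in sensitive}
    # Fail closed: a misspelled column name must not silently leave data in.
    missing = wanted - set(normalized)
    if missing:
        raise ValueError(f"columns not found: {sorted(missing)}")
    keep = [i for i, h in enumerate(normalized) if h not in wanted]
    writer = csv.writer(dst, lineterminator="\n")
    writer.writerow([header[i] for i in keep])
    count = 0
    for row in reader:
        if not row:
            continue  # skip blank lines
        # A row that doesn't match the header may have shifted fields,
        # which could put sensitive values under a "safe" column.
        if len(row) != len(header):
            raise ValueError(f"row {count + 1} does not match the header")
        writer.writerow([row[i] for i in keep])
        count += 1
    return count


def make_working_copy(text=SAMPLE_CSV, sensitive=SENSITIVE):
    """Return (record count, redacted CSV text) for the given export."""
    out = io.StringIO()
    rows = strip_sensitive(io.StringIO(text), out, sensitive)
    return rows, out.getvalue()
```

With real files, pass open file objects (opened with newline="") to strip_sensitive instead of the in-memory sample, and keep the original export encrypted.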

 

Next time: Protecting Data at rest.

IT Pop Quiz – Are you Treksperienced? -or- The Three States of Data

A very simple quiz:

Q: In your job, do you deal with other people’s Personally Identifiable Information?

Q: Are you a Star Trek fan?

A: If you answered, “yes,” to one of these, this post is relevant to you. Read on!

This is a quick explanation of the “three states of data,” that are important to consider when protecting Personally Identifiable Information:

  1. Data in use
  2. Data at rest
  3. Data in motion

Data in use:
Data in use is data that is currently being worked on by an employee to do their job (usually on a computer, but could also be a printout of the data, etc.)

Data at rest:
Data at rest is stored data that is not currently being used.

Data in motion:
Data in motion is data sent over networks, like an internal network, or the Internet.

Why should you care? Different states require different handling. For instance, Data at rest can be encrypted to keep it safe from prying eyes and hackers. Data in use is by definition unencrypted: you have to decrypt it to work with it. That potentially makes the data more vulnerable, and different measures need to be taken to ensure its security.

Data in motion also needs special consideration. You could encrypt a file before sending it to someone over email, but how do you get the decryption key to them? If you send that over plain email, you’ve defeated your own security.

The next post will cover some key ways to handle Data in use.

LastPass: stuff you need to know

Now that you have a LastPass account…

Wait…you do have a LastPass account, don’t you? No? That’s ok, read this first, then come back.

Now that you have a LastPass account, there are a few important things to do (and to avoid) to make sure you get the most out of it while keeping the security of your passwords intact.

Here’s your initial checklist (explanations of how to do each of these follow this list):

  • Set an idle timeout in the browsers you use.
  • Set LastPass to log you out when you close your browsers.
  • Lock your computer when you leave it.

Set an idle timeout in the browsers you use, and have LastPass log out when browsers are closed:
This will make sure that you don’t stay logged on to LastPass indefinitely, which is a security risk. You’ll want to follow these steps on your computer and any computer you use LastPass on.

Click on the LastPass icon in your web browser (Internet Explorer, Firefox, Chrome, Safari, etc.):

Select Preferences:

Check the two security boxes, with the values below, then click Save.

Lock your computer when you’re away from it.
This is pretty easy. On Windows, press the Windows key + L.
This will lock the screen so that you have to enter your password upon returning to your computer.

On Mac it’s, um…let me Google that.
[…Google-ing…]
On a Mac it’s CTRL + SHIFT + EJECT.

To recap, do these three things:

1 & 2) Tell LastPass to log out when you close your browser, and set an idle log out time.

3) Lock your computer when you’re away from it.
Windows = Windows key + L

Mac = CTRL + SHIFT + EJECT

Awesome. Thanks for doing that. Remember, you can’t spell “Security” without “U”!

CC BY-SA by Zeusandhera

 

LastPass: You’re about to free up some valuable Brain RAM.

Hi, it’s me: LastPass! I am here to help you be more awesome.

Time to install me on your computer, and reap the benefits of having secure passwords, without the burden of having to remember them all!

Go to LastPass.com.
Click the big red “Download Free” button.

If you’re using Firefox or Chrome:
You’ll be prompted to add an extension to the browser. Follow the prompts.

If you’re on Internet Explorer:

  • On the next page, click the red Download button.
  • If your computer asks you whether you want to Run or Save the file, choose “Run.”
  • If your computer just downloads the file, open the file after it downloads.
  • Follow the install instructions, and answer “Yes” to questions about whether you want to allow the program to continue.
  • This installation has multiple steps, but shouldn’t take more than about 10 minutes. The plugin will be installed into your default web browser. Let Bill know if you have any trouble. NTCHelp.net is the place to do that.

Once I’m installed, go to this page to learn the basics (opens in new tab).

Thanks!

Your friend and password manager,
LastPass

p.s. If you came here from “LastPass: stuff you need to know,” click here to go back to that post.

Meet your new password manager, LastPass!

Hi, I’m LastPass!

I’m a red square with an asterisk in it! Or maybe I’m a snowflake on a red trampoline! I live in your browser and on your phone!

Some call me “The Last Password You’ll Have to Remember,” and I’d have to say: that’s pretty accurate!* My job is to make it easy to secure your passwords. You only have to remember one (sufficiently strong)** unique master password.

How I work, in a nutshell:

Instead of typing in your username and password to sites you visit (or having your web browser remember them, which is convenient but generally very insecure), you log into LastPass (that’s me!), and I enter your username and password for you.

Or, in video form:

In my next post, I’ll explain how to install me on your computer. It’s pretty easy, not to mention “required by NTC’s Information Security Policy.” Which is really another way of saying, “It’s fun!”

Your Friend,

LastPass

* (There may be a password or two you’ll have to keep in your head, but the majority of passwords you can “set and forget”)

** How strong is a “sufficiently strong” master password? For NTC, it means your password must be at least 8 characters, and have at least one letter and one number, and it must be unique, as in you are not using it for anything but your LastPass master password.

August is NTC Security Month! Let’s celebrate!

It’s hard to believe it’s August already, and that means…the First Annual NTC Security Month!

Image credit: Me

There are so many mandatory fun things to look forward to in this month-long celebration of NTC’s commitment to information security. Here’s a sneak preview list of what’s coming down the pike…

  • Stretch your creativity, as you create a new, more secure password for logging in to Windows!
  • New Password Manager: having to remember passwords on the web will be a thing of the past!
  • Learn special “Secret Agent” skills for encrypting and decrypting sensitive information!
  • New “cloud” Antivirus to keep the bad guys at bay!
  • Learn the simple tricks the pros use to keep their computers and information secure!
  • And more!

So go to the store, buy a hat, and hang on to it, because NTC Security Month is just getting started!