How can I keep my data safe *and* accessible?

Published Jun 12, 2013 by

Your business has data vital to its operation.  Think about it for a moment: if all of a sudden you lost, or were unable to access, your most vital data, how would it affect your business?  Would it grind day-to-day operations to a halt, or would it be a minor inconvenience?  The answer to that question will help identify your data storage and backup needs.  Either way, it costs you time and can seriously affect your bottom line.

Resiliency and Redundancy

Resiliency and redundancy are two measurements that can be used to evaluate the effectiveness of a variety of technological systems.  In the case of data storage, resiliency describes the ability to avoid data loss through reliable hardware, software, and security measures.  Redundancy describes data duplication in the case where hardware, software, or security has failed.  Both are important to take into account when selecting storage solutions.

Ease of use

More important than either of these measurements, arguably, is “ease of use”.  You have to be able to use your “resilient” and “redundant” data.  If every time you want to access or backup a file, you have to enter a code to a vault and plug in an external hard drive, you will probably avoid that procedure any chance you get.  The best storage and backup solution you can have is one you do not have to think about to use.

Network Storage

There are many cost effective network storage devices available for the small-to-medium scale business that provide data resiliency, which we may cover specifically in another post.  On these devices, data is often split across several hard drives in such a way that loss of any single hard drive means no data loss.  Network storage devices provide ease of use for in-office data storage.  However, anyone who works out of the office will quickly realize their data is not as easily accessible as they may like.

Cloud Storage

There are numerous services available to store your data “in the cloud” (as with the network storage devices, I will leave evaluation of these services to another post).  Access to your files through these services has been made relatively easy these days, to the point the files almost feel like they are on your local machine.  Cloud storage solutions are excellent, until you do not have access to the Internet.  Just like Network Storage, if you do not have access to the network where the data is stored (in this case, the Internet) then you do not have access to the data.  Security is also certainly a concern on an external service, but stick with a company with a strong security track record and use a strong password for yourself and you will be pretty well set.

Combined Storage and Backup Solution

A great way to ensure the resiliency, redundancy, and ease of use of your data is to combine a network and cloud storage solution.  Data stored on an office network device can be automatically backed up to a cloud storage service for remote access as well as disaster recovery situations.  Remote users can also use the cloud storage to back up their devices.

Security

Whatever data storage solution you choose, do not forget about security: strong passwords, physical access restrictions (lock your network closet please), and encryption.  With data duplication comes an increased amount of potential access points to that data.  If you are storing any kind of personal or proprietary information, encrypt it.  TrueCrypt is an excellent (and free!) tool for file or whole drive encryption.  Data encryption adds a little more complexity to the mix, but can be as easy to work with as entering one more password in the beginning of each day.

 

Get started by thinking again about the importance of data to your business.  What is your storage solution today?  How can it be improved?  Talk to a Little Reed expert for advice.

Security · Storage and Backup

What makes a password great?

Published Apr 30, 2013 by

Monkey, ninja, baseball, football: Words related to hurling inexplicably fast objects towards unwitting onlookers?  Not this time.  These are just four of the top 25 most stolen passwords in 2012, as reported by splashdata.comStolen is the key word here.

Two methods for stealing login credentials are:

  1. Guessing the password based on general or personal information (birthdays, spouse’s name, child’s name, workplace surroundings)
  2. Cracking a web site or server, gathering huge lists of login credentials (often not even encrypted)

Method 1 is what I will call “local threats” where the intruder probably knows you, and at least has direct access to your workspace or public-knowledge-information.  Method 2 is a “remote threat”, where an attacker is not necessarily targeting you, per se, but rather a large segment of users in which you have been included.

To protect yourself from these methods, create a password that incorporates each of the following suggestions:

Make it a “Strong Password”

The generally accepted definition for “strong password” is one of at least eight characters in length with uppercase, lowercase, number, and special (.!@# etc.) characters.  This, however, is a bare minimum recommendation.  A good password uses as many characters as you are willing to remember, and although a “strong password” is a great defense, it is not the whole defense.

Make sure it has nothing to do with you or your workspace surroundings

Password on a Post-It (Original photo by Pavel Krok)

Remove that Post-It from the bottom of your keyboard right now! Go ahead, I won’t look.

This is an important step to follow in order to avoid password theft using method 1.  Assume everyone knows everything there is to know about you.  Now, choose a password with that in mind.  “St@nford98” might be considered a “strong password”, but when you hang your 1998 Stanford degree above your computer monitor, that may be one of the first things someone tries when they sit down at your desk.  Also, you may have the strongest, most random 26 character password in the world, but if you have it written down anywhere, someone will find it.

Make it easy enough to remember

Picking a word or phrase with an easily recallable number association is a great way to come up with a password, but make sure the word is an obscure reference that nobody would think to guess.  Pick an insignificant detail from a memorable event.  For example, I recently took my daughter to her first baseball game and we had lunch together there in the 7th inning: “H@mburgerInThe7th”.  It does not mean anything to anybody but me, and I can remember it fairly easily so I do not have to write it down.

Make it unique to the web site you are creating it for

This is a very important aspect to password security.  In the case that a web site has failed to properly secure your log in information, it is important that one compromised password does not compromise every account you own.  One method I have come up with provides two fail-safes to protect your password:  Copy and paste a portion of the domain name of the website you are accessing as the start of your already-strong password: my password for google.com becomes “gooH@mburgerInThe7th”, my password for twitter.com becomes “twiH@mburgerInThe7th”.

With unique passwords, a compromised Twitter password does not also result in a compromised Google password.  Also, physically copying and pasting that portion of the domain every time makes you look at the domain name.  That means if you are the target of a phishing attack at twtter.com (notice there is no “i”) and you cut and paste “twt” for the start of your password, not only will they not get your real Twitter password, but you will probably not attempt to log in when you realize you are not actually at “twitter.com”.

Change your passwords

Finally, with all these suggestions in mind, it is time to stop using “password1”.  Coming up with a good password for new log-ins  is great, but it does nothing to protect what is already out there.

Configuration · Security