Tech and Data: How to Make Sure it Stays Secure THE Tech Scoop December 29, 2015 Tech Hackers and identify thieves can create severe setbacks for any organization. Customers are reluctant to do business with a company that’s been compromised. But there are working solutions that go a long way to protecting sensitive data. Encrypt Your Data This is the cover-all solution to preventing data theft. Despite all the stories about hackers, encryption is still your best bet, and easy to implement. Microsoft has provided EFS (encrypting file system) support since Windows 2000. This enables users to encrypt data at a file-system level. Some features can be mandated via Group Policy settings. There are many 3rd party vendors providing software that automatically encrypts data when writing it to disk, and decrypts it when retrieved into memory. This software can be purchased at a network level or in affordable PC-level packages. Multiple levels of encryption provide multiple levels of data security. Take Advantage of Permissions Administrators can set permissions for network shares which determine which files users can access. But that doesn’t protect files on a local computer from unauthorized users. If a computer may be used by more than one person, or is not physically secured, file-level permissions and auditing are advisable. Users should be reminded of policies such as logging out, password-protecting sensitive documents, and establishing permissions for the files on their computer. Policies can be difficult to enforce across a large organization. Fortunately there are companies such as Stealthbits that provide solutions for managing active directory resources across the enterprise. Active directory is the service Microsoft provides for authenticating and authorizing users and computers across a Windows network. Protect Data in Transit Data can be captured when sent over the Internet by hackers with sniffer software. You can help protect data if both sending and receiving computers are configured to use IPsec (Internet Protocol Security). It uses ESP (Encapsulating Security Payload) to encrypt IP packets. It is configurable through your computer’s TCP/IP settings. Be warned, there are rumors that this is one of the protocols targeted by the NSA for data mining. Wi-Fi transmissions, if anything, are less secure. Anyone with a high-gain antenna can capture them. If sending sensitive data via Wi-Fi devices, be sure to use a service that provides encryption. WPA2 is considered the most secure method. Operating systems and software come and go, but the one unique thing in your computer storage is data. Preserving and protecting it should be the priority of any security plan.