27 Jun Five Things You Can Do to Protect Your Computer Data
Based on my FBI experience working computer hacking cases and our current cases here at TEC Inquiries, I’m sometimes asked, “What is the most important thing we can do to protect our data?” Based on my experience, here are my top five things to do to protect your data. They apply whether you are a person, family, small business or a large corporation.
1. First, identify your sensitive data. Have a plan to back up the data in a separate and secure location. – While people think their biggest threat may be hackers, in truth my experience has shown a bigger threat comes from our own incompetence as well as random acts such as fire/equipment failure. It’s not uncommon for big companies to fail to identify their most sensitive information whether this be emails, customer databases, or proprietary software. It’s important to have backup copies of this information in case the original is lost.
2. Second, have a plan to discover and mitigate attacks. Include logging as part of the plan. It’s surprising, but many businesses aren’t looking out to see if their data is being compromised. Then, once a compromise is detected, they often don’t have any logs to find out where the attack came from or what they did. Ask yourself, “What would we do today if we were informed our network was compromised?” – Whatever your response to this question is should form the basis for your plan and will show you how what areas you are lacking.
3. Routinely check your databases for injection attack vulnerabilities. This was the most common form of attack I saw in the FBI. (Along with Business Email Compromise). So, make sure your databases connected to the internet are updated. This means you need to keep everything associated with your website updated!
4. Related to 3, is to create and implement patch management plan for all your systems. Most operating systems like Windows get updated regularly and companies do a good job keeping up with this. However, most companies have no idea what types of software they are running and they allow their employees to download and run their own software as well. These applications have their own vulnerabilities to hackers and need to be updated just like the operating systems.
5. Create policies and procedures to deal with email attacks via attachments and embedded links. Again, related to 3, hackers can get into your system, or cause damage, because you or your employees are opening links or attachments sent by email which come from hackers.
These are my top five steps to mitigate threats. Next time, I’ll provide the next more five steps to further secure your data.