Knowing What You Can and Can’t Control to Prevent a Data Breach
Keeping people from gaining access to your personal information online is a nearly impossible task in the modern world. What you can do, however, is ensure that the information that is out there is as well protected as possible. For us, the members of the general public, doing this is a multi-step process. The first step is to always use secure passwords for all the websites that we access. As tough as this can be to do, a different password should be used for each website that we log into. Memorizing these passwords can be tricky, which is why software programs called password managers are available. These password managers safely store the usernames and passwords for websites. This way we can use a different, secure password for each website without having to memorize each and every one.
Most of these applications include a way to sync the data between machines, so that if you have multiple computers, a desktop and a laptop for example, you can have access to all your passwords on both machines. Some of these applications even include an app for your phone so that when browsing the web on your phone you still have access to your passwords.
These password manager applications also require a password in order to be secure, but this is just a single password that needs to be memorized.
The second thing that should be done is to use two-factor authentication, which is discussed in more detail in the book Basics of Digital Privacy. The basic idea behind two-factor authentication is that there are two pieces to the password: one that you know (or have saved in a password manager), and another that is a random code generated by either a fob or an application, such as one installed on your phone. Access to the website or application is granted only when both values are correct. This is more secure than just a password because someone who wants to break into your account needs your username, your password and physical access to your phone in order to get the code that the application has generated. As more than 99% of attacks on a website account happen without the attacker having any idea where the account holder lives or what they look like, the odds of an attacker getting access to your phone for their attack are minimal at most.
The third part, which is the most important, is also the hardest for us, the general public, to control: the security of the websites that we choose to do business with. The only way to control this is to do business only with companies that have correctly secured their websites and data. The problem here is that companies aren’t going to tell you that they have problems. Any company that you ask will tell you that the data in its systems is fully secured, even if it isn’t. All we can do is hope that they are doing what needs to be done to secure their data, and hope that, if they aren’t, the data isn’t downloaded by people who shouldn’t have access to it.
Denny’s books, The Basics of Digital Privacy and Securing SQL Server are available on the Elsevier Store.
About the Author:
Denny Cherry (MCSA, MCDBA, MCTS, MCITP, MCM) is the owner and principal consultant at Denny Cherry & Associates Consulting. He has been working with Microsoft technology for over 15 years starting with Windows 3.51 and SQL Server 6.5. In 2009, Denny was named as a Microsoft MVP for the Microsoft SQL Server product, and in 2011 Denny earned the Microsoft Certified Master certification for SQL Server 2008. Denny has written dozens of articles for a variety of websites as well as print magazines on a variety of subjects including SQL Server, Clustering, Storage Configuration, and SharePoint.