NOTE: This information is for a small company with fewer than 25 systems and no IT department.
As a data security sample, let's look at the above page from Acronis True Image Home (most backup programs are similar). Securing your data is a matter of choice, not a requirement. Archive protection can be as simple as a password, some type of encryption, both, or none (which is my choice). Let's look at them with a more realistic view:
- Never secure your data (as above) unless you have some type of data that could make you liable to a lawsuit. Odds are that if you do, you will forget the password or the encryption type. Most programs allow you to set a password (to use it); that should be more than enough. If you password it again in the archive, you may make a mistake and end up with two similar but different passwords (and never figure out what you have).
- If you have data like employee time records, farm it out to a payroll service. That way you pass the liability to the service. Do not store employee information on a computer (unless you use a fingerprint reader or hardware key); use plain old pen and paper and lock it up.
- If you must protect and encrypt, use hardware protection/encryption devices, not software (like above).
- Use fingerprint readers or hardware keys on machines containing critical and sensitive data.
- Turn critical systems off when the user goes home.
- Always make sure the critical files have administrative privileges and NO passwords on directories (unless you have a security department that controls what you can get to).
- Develop a password scheme for just you. If you like plants, it could be a type of plant; if music, a song. Do not use family or pet names and birthdays. Password generators are good; however, they make very difficult passwords, and you can get the same by adding numbers and caps in words you can remember. When you change passwords on files, change the archives also, or odds are you will never get into them again. I know this is a pain; however, it is worth it.
- If you must connect to a remote system somewhere, let the location dictate (and configure) the security. In short, always pass liability back to whoever you are connecting to.
- If you are connecting remotely, end your session when you leave your system.
- Always log out and require a password to get back in.