Part of GDPR is protecting users' data: businesses are obliged to think about privacy when designing systems. Protecting data is also common sense. Who would deal with a business that can't reliably store data? This post is about using some practical (and free) tools to reduce risk for a small business.
In the world of Information Security (InfoSec) and ISO 27001 people talk about the CIA triad: Confidentiality, Integrity and Availability. These are the three common-sense properties of information that we all must protect to keep it secure, and each one faces its own kind of threat.
Confidentiality is the obvious one: when customers' data leaks, businesses get bad publicity and now face a fine for GDPR breaches from the Data Protection Commission (DPC) in Portarlington. Availability is not quite as obvious, but losing access to your accounts and customer data could debilitate any business. An example here is the 2017 WannaCry cyber-attack, where ransomware encrypted the files on victims' hard disks and users were blackmailed into paying for the key needed to decrypt them. Integrity can be a bit more subtle: the data is not stolen or destroyed but quietly altered, typically by a disgruntled employee. The impact on a business can be equally devastating: for example, what if you couldn't be sure your list of debtors was correct?
For large-scale businesses with separate, well-resourced IT departments we have a list of recommendations. For small and micro businesses we need a different solution. These three open-source software applications can be key to protecting your data, and best of all they are free.
To keep your disks safe we suggest VeraCrypt, an open-source utility that creates an encrypted volume (a container file or a whole partition) in which you store your sensitive files. The volume is unreadable without its password, so if anyone steals or otherwise gains access to the disk they cannot read the files. Two caveats: the protection only applies while the volume is not mounted, so dismount it when you leave the machine, and the encryption is only as strong as the password that unlocks it, so choose a long passphrase.
When you are finished with a disk or a data file you should make sure that no attacker can recover the old files. Ordinary deletion only removes the directory entry; the contents stay on the disk until something happens to overwrite them. File Shredder uses a selection of five different shredding algorithms to overwrite old or unwanted files so they are permanently obliterated. One caveat: overwriting is reliable on conventional hard disks, but on SSDs and other flash media the drive's wear-levelling can leave the old data in blocks the overwrite never touches, so for those drives the better approach is to encrypt the whole disk from day one and destroy the key when the drive is retired.
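As an added example (not File Shredder's own code) the block below shows what overwrite-then-delete looks like in Python: each pass writes a pattern over the whole file and forces it to disk, then the file is truncated, renamed to a random name and unlinked. The pass patterns, the `shred_file` and `demo` names and the sample "debtors.csv" contents are constructed for this illustration; File Shredder's five algorithms differ in their patterns and pass counts.

```python
"""Overwrite-then-delete, the technique behind a file shredder (added example)."""
import os
import secrets
import tempfile


def shred_file(path: str, passes: int = 3, chunk: int = 64 * 1024) -> int:
    """Overwrite the file at `path` in place `passes` times, then truncate,
    rename and unlink it. Returns the number of bytes overwritten per pass.

    Pass patterns: zeros, then ones, then cryptographically random bytes
    (a simplified multi-pass scheme chosen for this example).

    Limits (why a shredder is not a silver bullet): on SSDs and other flash
    media, wear-levelling means the blocks rewritten here may not be the
    blocks that held the data; journaling or copy-on-write filesystems,
    backups, cloud sync folders and swap can all hold further copies. For
    those cases encrypt the volume from the start and destroy the key.
    """
    size = os.path.getsize(path)
    fixed_patterns = [b"\x00", b"\xff"]
    with open(path, "r+b") as f:
        for pass_no in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk, remaining)
                if pass_no < len(fixed_patterns):
                    data = fixed_patterns[pass_no] * n
                else:
                    data = secrets.token_bytes(n)
                f.write(data)
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # push this pass to the disk before the next one
        # Truncate so the file's original length is not recoverable either.
        f.truncate(0)
        f.flush()
        os.fsync(f.fileno())
    # Rename to a random name before unlinking, so the original filename
    # does not survive in the directory entry.
    anon = os.path.join(os.path.dirname(path) or ".", secrets.token_hex(8))
    os.replace(path, anon)
    os.remove(anon)
    return size


def demo() -> dict:
    """Create a constructed sensitive file in a temp dir, shred it, report what is left."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "debtors.csv")
    with open(path, "wb") as f:
        f.write(b"name,amount\nAcme Ltd,1200.00\n" * 2000)  # 29 bytes x 2000
    size = shred_file(path, passes=3)
    leftover = os.listdir(workdir)
    os.rmdir(workdir)
    return {"bytes_per_pass": size,
            "still_exists": os.path.exists(path),
            "leftover_entries": leftover}


if __name__ == "__main__":
    print(demo())
```

The three fsync calls matter: without them the operating system may merge the passes in its cache and write the disk only once, or not at all before the unlink.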
Besides physical disks, most people now keep data on cloud-based services protected by passwords. Generally these systems have pretty good security, provided you use unique, hard-to-crack passwords. But given that 55% of net users use the same password for most, if not all, websites, the password itself becomes the weak point: one breached site hands the attacker the keys to all the others. Since most humans can't remember large numbers of obscure passwords, a password manager is now a necessity. You put all your passwords in one database, which is locked with one master password, a key file, or both. So you only have to remember a single master password, and the rest are protected with strong, well-studied encryption algorithms (AES and Twofish). Try KeePass to keep your passwords safe. Make the master password a long passphrase and keep a backup of the database file: if you lose the file or forget the master password there is no way to recover what was in it.
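To show the model a password manager like KeePass uses (one master password, optionally combined with a key file, unlocks an encrypted and authenticated database of everything else), here is an added example in Python. It is not KeePass's code or file format: the composite-key construction mirrors KeePass's idea of hashing each factor and then the concatenation, the key stretching uses scrypt, and the cipher is an HMAC-SHA256 keystream standing in for AES/Twofish because Python's standard library ships no block cipher. The function names, the sample entries and the key-file bytes are constructed for the illustration.

```python
"""A minimal password vault illustrating the KeePass model (added example)."""
import hashlib
import hmac
import json
import secrets
import string
from typing import Optional, Tuple


def composite_key(master_password: str, key_file: Optional[bytes] = None) -> bytes:
    """Fold the master password and an optional key file into one 32-byte secret.
    Hash each factor, then hash the concatenation: an attacker needs both."""
    material = hashlib.sha256(master_password.encode("utf-8")).digest()
    if key_file is not None:
        material += hashlib.sha256(key_file).digest()
    return hashlib.sha256(material).digest()


def derive_keys(composite: bytes, salt: bytes) -> Tuple[bytes, bytes]:
    """Stretch the composite key with scrypt (memory-hard, deliberately slow) so
    that guessing the master password is expensive. Returns (enc key, MAC key)."""
    km = hashlib.scrypt(composite, salt=salt, n=2 ** 14, r=8, p=1, dklen=64)
    return km[:32], km[32:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from a PRF; a stand-in for AES-CTR, not AES itself.
    blocks = []
    for counter in range((length + 31) // 32):
        blocks.append(hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def lock(entries: dict, master_password: str, key_file: Optional[bytes] = None) -> bytes:
    """Serialise the entries and return salt || nonce || ciphertext || tag."""
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    enc_key, mac_key = derive_keys(composite_key(master_password, key_file), salt)
    plaintext = json.dumps(entries).encode("utf-8")
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    body = salt + nonce + ciphertext
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()  # encrypt-then-MAC
    return body + tag


def unlock(blob: bytes, master_password: str, key_file: Optional[bytes] = None) -> dict:
    """Verify the tag before decrypting: a wrong password, a wrong key file or a
    modified database all fail here instead of yielding garbage."""
    if len(blob) < 64:
        raise ValueError("database too short")
    body, tag = blob[:-32], blob[-32:]
    salt, nonce, ciphertext = body[:16], body[16:32], body[32:]
    enc_key, mac_key = derive_keys(composite_key(master_password, key_file), salt)
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong master password/key file, or the database was altered")
    plaintext = bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))
    return json.loads(plaintext.decode("utf-8"))


def can_unlock(blob: bytes, master_password: str, key_file: Optional[bytes] = None) -> bool:
    """Convenience check used by the demo: True only if the database opens cleanly."""
    try:
        unlock(blob, master_password, key_file)
        return True
    except ValueError:
        return False


def new_password(length: int = 20) -> str:
    """A unique random password per site, so one breach does not open the others."""
    alphabet = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    key_file = secrets.token_bytes(64)  # constructed key-file contents
    vault = {"bank": new_password(), "webmail": new_password()}
    blob = lock(vault, "correct horse battery staple", key_file)
    assert unlock(blob, "correct horse battery staple", key_file) == vault
    print("entries protected:", len(vault), "database bytes:", len(blob))
```

The point to take from the design is the order of operations in `unlock`: the MAC is checked over everything before a single byte is decrypted, so a tampered database or a wrong key is rejected outright. KeePass does the same job with its own KDF (AES-KDF or Argon2) and AES, Twofish or ChaCha20 as the cipher.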
Use of these three tools won't solve every information security issue, or achieve GDPR compliance on its own, but they will quickly help protect your business. This will give you breathing space to deal with all the other demands on your time.