Protect Yourself From Data Theft

OK, I may be a little paranoid, but maybe a little paranoia is acceptable when it comes to personal data security. On my home server I have attached a 1 TB external USB hard drive. It contains basically my entire digital life on it all the way back to papers I wrote in high school up through pictures of my wedding and the births of my children, to today. The thought of someone breaking into our house and stealing our stuff is scary enough, but to think that they would also have access to all of my digital info takes that fear to a whole 'nother level. Not that someone wants my sophomore paper on To Kill a Mocking Bird, but passwords, copies of drivers licenses, social security cards, birth certificates, and other stuff might be of interest to a person with malicious intents.


So to prevent the misuse of my data, I encrypted the entire hard drive. I used a Freeware program called TrueCrypt. It allows users to encrypt entire drives and/or file folder containers. I opted to encrypt the entire drive for my external storage device. When the power to the drive is disconnected, the USB is unplugged, or the computer is shut down, the encryption service disconnects and the drive must be remounted using the correct password. This should prevent the average smash and grab criminal from gaining access to the data inside the drive, should they even attempt to do so. I am not an authority on cyber crime, but would not be surprised if this was a common occurrence, or at least an emerging trend.

This setup makes it a little inconvenient since I have to enter the password to remount the drive when rebooting the computer. Unfortunately, it houses all of our stuff, so until it is mounted, the FTP, media libraries, and other content is unavailable. However, for the most part, the home server that it is connected to stays powered on. I also recently disabled automatic Windows updates which caused occasional unanticipated restarts. Also, the PC and the drive are hooked up to a UPS power backup to prevent disconnects and/or reboots from power flickers or short outages.

One way I am still vulnerable is if someone brings a PC to my house and plugs into my network, or if someone logs onto one of my PCs and actually sends out or saves out my files. Although, I am not expecting anyone to pull a Mission Impossible 6 on my data, I think I need to consider what I could do to close that gap.

Also, recently I have been wanting to upgrade my storage to RAID mirrored Network Attached Storage (NAS). But the next question I have is how do I keep someone from getting access to the data on those drives if stolen. Also, I would like my periodic backup to the drive in the fireproof safe to be completely automatic, and more frequent than every three months, which is how often I do it manually now. I think that NAS drives generally leave the data completely unprotected in terms of encryption and none of them offer an affordable theft and fire resistant enclosure. So, anyone that can connect to it will have access to the data. I don't know if the NAS devices can even be encrypted. Something to think about a little more.

Portable thumb drives are also important to protect. These are extremely easy to loose. Think about it, what would you do if someone had all of your thumb drive data? Do you even remember what all was on it? Would it make you vulnerable?

I decided to encrypt most of my thumb drive after I lost it for about a week. I keep a readme file on it with my contact information, so that if it is found, an honest person could return it. But not knowing where it was or who might have it was killing me. Was someone looking at my data; my budget, my contact lists? Was everyone else listed in my files exposed now because of me (keeping data on them and now loosing it?) To remedy this worry for files on my thumb drive I opted for an encrypted file container which takes up about two-thirds of the space on the device. This contains my portable files. The other third of the device contains the TrueCrypt installation executable (to install on other computers), a local thumb drive installation of TrueCrypt that can be run off the thumb drive itself, and a bit of unencrypted free space for quick file transfers. Now, I can sleep at night if I loose the device, knowing that if found, the only data available is my "return to me" readme file containing my contact information.

Some would argue for the use of cloud services for data storage, but I don't always have a fast internet connection, sometimes don't have any internet access, storage is often limited, and are those services really keeping your data secure? I prefer to keep my data under my control.

Overall I feel a lot safer with the systems that I have put in place to protect my data and recommend that you do the same, or similarly protect yourself, or at least consider what could happen if your data was made public. 

1 comment:

Natural gas tankless heater said...

Important for everyone in this age of tech