personal data security - part 2
DESCRIPTION
A continuation of the Personal Data Security slideshow, Part 2 digs deeper into backups, strong passwords, anti-malware protection, and centralized data. This includes cloud vs. local backups and full vs. incremental backups, and it recommends cloud backup services. Also reviewed is Network Attached Storage, including RAID 1 and recommended NAS models. Strong passwords are reviewed, including password vaulting and password generators. Cleanup-only anti-malware apps are suggested, and phishing detection and prevention are covered in more detail.
TRANSCRIPT
From the Kindle book Understanding Personal Data Security
Personal Data Security, Part 2
NAS Review
In Personal Data Security, you learned that a NAS is centralized storage with multiple drives
— It achieves centralized data archival/access
— It involves data redundancy (which = security)
Upgradeable
—When a drive crashes, you can replace it
—Saves the expense of purchasing a new NAS
—Zero downtime of data access
Two Types of NAS
Fixed Disk — The least desirable, least flexible
— If one drive dies, the unit is toast
— Entry-level; one and two drive models available
Open Bay / Swappable Drives —When a drive dies, simply swap out for new
—No need to purchase a new NAS, only a new drive
—Models offer 2-8 bays; 4 bay recommended
—Some sold pre-populated and configured
RAID & RAID 1
Redundant Array of Independent Disks
Available only in multi-drive NAS units
Many different levels of RAID; do RAID 1
—RAID levels 2-6 are performance-oriented
RAID 1
—Employs data mirroring (onsite backup)
—Data mirroring = data written to multiple drives
—The more drives, the greater your security
Reputable NAS Models
Buffalo
—Low-cost leader for NAS units
—LinkStation 210: $120 for 2 TB
—LinkStation 220: $210 for 2 TB; $275 for 4 TB
Qnap
—Professional, rugged styling, higher prices
—TS-220: $210 for two-bay diskless model
—TS-220: $470 for two-bay 3 TB pre-populated
Seagate —Two models: NAS 2-Bay and NAS 4-Bay
—Both feature Seagate’s NAS-optimized drives
—NAS 2-Bay: Diskless, $175; 4 TB, $300; 6 TB, $390
—NAS 4-Bay: Diskless, $360; 4 TB, $600; 8 TB, $830
Synology —Enterprise-level quality; can get expensive
—America DiskStation 4-bay: Diskless, $400
—America DiskStation 4-bay: 12 TB, $1,200
Western Digital (WD) —Wide selection, consumer prices, good quality
—2-bay model, 2-20 TB, RAID 1 preconfigured
—2-bay: 2 TB, $250; 4 TB, $350; 8 TB, $500
—4-bay: 4 TB, $500; 8 TB, $700; 20 TB, $1,300
Wrapup —If you’re a business, look to Qnap or Synology
—If you’re a consumer, look to Buffalo, Seagate, WD
—Seek models prepopulated with drives and RAID 1
Disk Imaging vs. File & Folder
Disk Imaging (disk cloning) —Backup copy of complete drive and computer
—This means everything, including the operating system, hidden files (goes beyond personal data)
—Method to preserve a full computer, not just data
File & Folder Backup —More common and what is recommended
—Backs up specific files and folders, not the OS
—Way to preserve personal data, not a computer
Full vs. Incremental Backups
Full Backups —Must be performed the first time you backup
—Copies each and every file you specify
—Can take a long time (sometimes multiple days)
Incremental Backups —Copies only the files added or changed since the last backup
—Much faster than a full backup
—Always run an incremental backup
Local vs. Cloud Backup
Local Backup
—Redundant physical copies, onsite or offsite
—Copies you make using a spare drive in a NAS or a USB 3.0 external hard drive
Cloud Backup
—Involves a service, like CrashPlan or Apple iCloud
—Upload files to “the cloud” (an internet server)
—Freemium pricing model; storage a consideration
Backup Services & Software
Cloud Backup Services
—Amazon Cloud Drive, Mozy, Backblaze, Carbonite, Microsoft OneDrive, Livedrive, Google Drive
—Can be very slow, especially during peak usage
Backup Software
—Apple Time Machine (Mac OS X only)
—Second Copy (Windows only)
—Windows 7 Backup and Restore
A Word about Offsite
Remember the 3-2-1 Backup Rule —Three copies of your data, with one offsite
Offsite = out of your neighborhood
Not truly secure until current backup is offsite
Why? Natural disasters and theft —If all of your backups reside in your home, how likely is a fire, flood, or theft?
—How about other natural disasters, like tornadoes, hurricanes, and typhoons?
Password Review
Generally speaking, longer is better
“Strong” passwords have common traits:
— Complex (mix of letters, numbers, and symbols)
— Random (no personal details or patterns)
— Unique (no patterns or repeats from others)
Must have a different password for each account
Must update all passwords every six months
Must tell no one; as in no one
Passwords: How?
Unique passwords on each account and updates every six months seem impossible —Nearly no one actually does this
—This means you and most others are vulnerable
Must employ password vaulting & generators — Vaulting app = memorize only a single password
— Vaulting app stores all of your strong passwords or long passphrases in a single place
— Password generators great for random & unique
Password Generators
Web sites, applications, or mobile apps
—Web sites are risky; not recommended
—Mobile app in your smartphone is best route
Reputable password generators
— Norton Identity Safe Password Generator
— random.org
— Strong Password Generator
— PC Tools Password Generator
Password Vaulting Apps
Practice of storing many passwords behind a single, very strong “master password” — Sometimes called password managers
— Because same password on multiple accounts is a serious security vulnerability
Reputable password vaulting apps — LastPass (free or premium accounts)
— Password Genie ($15/year for desktop; mobile apps)
— Dashlane (free and $30/year versions)
— RoboForm ($10/year, includes auto form filling)
Password Strength
Complicated math behind calculating resiliency
— You already know the basic rules: longer is better, should be random, complex, and unique
Howsecureismypassword.net
— Helpful tool for testing password strength
— Don’t use one of your actual passwords
— Submit passwords similar to one of yours
— Great tool for educating yourself
— Compare short, simple passwords with long, complex
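An added example, not from the slides or the book, covering both the Password Generators and Password Strength slides: a generator that runs locally and produces complex, random passwords, plus the basic strength math (length times log2 of the character pool). The symbol set, the sample passwords, and the guess rate are assumptions of this sketch.

```python
import math
import secrets
import string

SYMBOLS = "!@#$%^&*()-_=+[]{}"  # assumed symbol set; sites differ in what they accept
POOLS = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]


def generate_password(length: int = 20) -> str:
    """Random password with at least one character from each pool."""
    if length < len(POOLS):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(POOLS)
    while True:
        # secrets draws from the OS CSPRNG; random.choice is not suitable here.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in pool for c in candidate) for pool in POOLS):
            return candidate


def entropy_bits(password: str) -> float:
    """Upper-bound strength: length * log2(size of the character pools used).

    Only meaningful for randomly generated passwords; a dictionary word
    or a pattern is far weaker than this figure suggests.
    """
    pool_size = sum(len(pool) for pool in POOLS if any(c in pool for c in password))
    return len(password) * math.log2(pool_size) if pool_size else 0.0


def years_to_exhaust(password: str, guesses_per_second: float = 1e10) -> float:
    """Years to try every password of this length and pool.

    guesses_per_second is an assumed offline attack rate, not a measured one.
    """
    return 2 ** entropy_bits(password) / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    # Constructed samples: short and simple vs. long and complex.
    for pw in ("sunshine", "Sunshine1!", generate_password(20)):
        print(f"{len(pw):2d} chars  {entropy_bits(pw):6.1f} bits  "
              f"{years_to_exhaust(pw):.3g} years")
```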
Malware / Virus Review
Use caution with freeware/shareware
—Freeware often carries adware, spyware, and other forms of malware
Either avoid freeware or do your homework
— Download only from reputable sources (like CNET’s download.com)
— Even Oracle’s Java software tries to install adware
— Carefully read the install screens of freeware install wizards (most schemes are opt-out)
Cleanup Only Anti-Virus
When the poop hits the fan, what to do?
—If your virus definitions become out-of-date (because your anti-virus subscription expired)
—If you really screw up and have no anti-virus software on a particular computer
Malwarebytes Anti-Malware 2.0
— $30 on Amazon, with lifetime subscription
— Won PC Magazine’s 2014 Editor’s Choice award
More About Phishing
Phishing = fraudulent attempt to get your account info, including password and SS #
Most phishing attempts masquerade as eBay, PayPal, or your bank
Best way to avoid being a phishing victim: Don’t click the link in the email lure
To learn more, visit onguardonline.gov
—Forward phishing email to [email protected]
Advice about Malware
Remember, when it comes to viruses and malware, the best medicine is prevention
Always run anti-virus software on every computer in your home
—Single unprotected PC on your home network could act as a gateway for hacking or infection of all other computers and connected devices
Keep anti-virus subscription current
These slides are derived from the Amazon Kindle book Understanding Personal Data Security by Curt Robbins
Other Books by Curt Robbins
Home Theater for the Internet Age
Understanding Cutting the Cord
Understanding Digital Music
Understanding Home Theater
About Curt Robbins
Blog: Middle Class Tech
Flipboard magazine: Middle Class Tech
Twitter: @CurtRobbins