Kevin Williams - Strategic Development Lead
Gone are the days when you physically need to carry important documents and data around with you. Whether travelling to see a client in your town, a business advisor or partner in your county or pursuing a business development opportunity nationally or internationally. You no longer need to carry those important business documents or presentations with you physically. How embarrassing would it be leaving your sensitive presentation on a train!
Technology offers us great opportunities if we understand the risks and mitigate them. Firstly, do you actually need to travel for the face-to-face meeting? Applications such as Skype, Weber, Join.me and gotomeeting.com, offer video conferencing and screen sharing. Make use of the applications’ security features to make sure there are no snooping eyes. The basic levels of these applications are free as well. Remember, only download software and apps from trusted sources (e.g. App Store).
Applications (or Apps) for secure communications also make life much easier for sharing your thoughts in confidence or sharing files that you do not want seen by others; apps such as WhatsApp, Telegram, Signal - Private Messenger. What’s important about these? They use end-to-end encryption, that said if you leave the device you use to access these apps unlocked others can view the now unencrypted messages. So make sure all your electronic devices automatically lock with a password or pin. Also if you backup your messages, make sure the backups are encrypted. While you are considering your devices, also consider employing anti-virus for your mobile devices to protect from cyber criminals taking them over.
File sharing applications
Rather than take your presentation with you, why not send it ahead of time? Making use of Google Drive, Microsoft OneDrive, Dropbox or Apple iCloud are great ways for sharing but also collaboration. Always think of looking at the security features offered and switch them on, consider deploying two factor authentication when logging in. Remember nothing is infallible, if you have left you passwords in a little black book in your desk drawer, then others can access it and your data, beware of your insider threats. You could consider using password keepers or managers.
If only email will do, then think about how you can protect and secure your email messages. Email from Google users to other Google users is encrypted while in transit via products such as Gmail, but is unencrypted on your device. Microsoft Office 365 encrypts your data while it’s on their servers and while it’s being transmitted between you and Microsoft. Additional encryption can be added using tools such as OpenPGP, commonly known as PGP. The Free Software Foundation has developed its own OpenPGP-compliant program called GNU Privacy Guard (abbreviated GnuPG or GPG), GnuPG is freely available.
Encryption
Ensure you utilise encryption for all your devices, especially when that encryption is built in to your device or software. For example switching on Apple’s FileVault allows you to encrypt your laptop, don’t forget to encrypt your back ups as well. Simply save your Time Machine backup as an encrypted backup disc. A lot of Windows 10 PCs (particularly tablets and hybrids) now ship with encryption enabled by default. To check and see if yours has encryption already running, go into the Settings and click System > About. From there, you can turn Drive Encryption on if your device supports it.
Beware of Wifi
Whilst away from the office consider avoiding free use wifi hotspots in hotels, airports, etc, when inputting passwords and sharing sensitive data. If you can’t avoid it, consider using a cheap to buy VPN - virtual private network. It effectively creates a private tunnel across a public network, securing your transactions and Internet traffic from others on the same network.
The opportunities are boundless. If you apply the right security stance it could save you time, improve your opportunities and ensure the safety of your documents and ideas. It also lets you record what you sent to who and when. Something that may help you with even more scrutiny about protecting your customers data in the modern world.
Password guidance can be found at:
https://www.ncsc.gov.uk/guidance/password-guidance-simplifying-your-approach
What does the NCSC think of password managers?
https://www.ncsc.gov.uk/blog-post/what-does-ncsc-think-password-managers
