I am putting together some tips on data security. This is not the most air tight security setup, but it is good enough to protect against basic security threat and they are relatively simple to set up.
Strong Password
Will not elaborate on this as there are plenty of articles out there on this. My rule of thumbs is that the password is at least eight characters, with combination of alphabet, number, and special character. I also suggest not to use the same password for all logins. Example, don't use the same password for your Hotmail account, Skype and company online system, so that they don't all get compromised just because one does.
Google Apps (Google Suite)
We run a lot of our software in SaaS (Software as a Service) and most of them integrate with Google Apps authentication for single sign-on. This would mean if someone gain access to my Google Apps login, he will gain access to a lot of my company data. I enabled "2-step verification" on my Google Apps account and I installed a Google Authenticator on my BlackBerry. What happen now is that whenever I login to Google Apps with a new device, it will require my password and also a 6-digit PIN generated by Google Authenticator. I can choose to save it on the device for 30 days (and I will have to re-enter the PIN after that). Since the PIN is time sensitive, you need to make sure the timezone setting on your phone and Google Apps is the same, and more importantly the time cannot be off for too much (this was the first issue I encountered when setting this up). Another challenge would be to set up all the applications that integrated with Google Apps, like you Calendar, Address Book, E-mail apps, on iPhone, iPad, Blackberry, even Google Chrome Sync, since your password is no longer the real password without the PIN. You will need to manage all these passwords here, you can generate a different password for different apps (it is recommended to do so instead of using one password for all apps in case you need to revoke the access of one particular apps). So far, I will just need to generate once for every apps, the only time I need to re-generate one is when I reinstall my device OS or wiping out the configuration. Good thing about this is that now I can login to my Google Apps account on a public computer (like in a cyber cafe, hotel's computer, airport computer, etc) if I really need to, I just need to make sure that I don't check Remember this computer for 30 days when entering the PIN generated by my mobile phone and also to log out when I'm done.
MacBook Pro
First thing I did was to set myself to run as "Standard User" under System Preferences > Users & Group. This setting will prompt for admin credential whenever I change any settings under System Preferences that is locked or whenever I want to install an app. Besides that, here are some of the security settings under System Preferences > Security & Privacy that was not turned on by default:
 |
| Photo credit: Pixabay |
Strong Password
Will not elaborate on this as there are plenty of articles out there on this. My rule of thumbs is that the password is at least eight characters, with combination of alphabet, number, and special character. I also suggest not to use the same password for all logins. Example, don't use the same password for your Hotmail account, Skype and company online system, so that they don't all get compromised just because one does.
Google Apps (Google Suite)
We run a lot of our software in SaaS (Software as a Service) and most of them integrate with Google Apps authentication for single sign-on. This would mean if someone gain access to my Google Apps login, he will gain access to a lot of my company data. I enabled "2-step verification" on my Google Apps account and I installed a Google Authenticator on my BlackBerry. What happen now is that whenever I login to Google Apps with a new device, it will require my password and also a 6-digit PIN generated by Google Authenticator. I can choose to save it on the device for 30 days (and I will have to re-enter the PIN after that). Since the PIN is time sensitive, you need to make sure the timezone setting on your phone and Google Apps is the same, and more importantly the time cannot be off for too much (this was the first issue I encountered when setting this up). Another challenge would be to set up all the applications that integrated with Google Apps, like you Calendar, Address Book, E-mail apps, on iPhone, iPad, Blackberry, even Google Chrome Sync, since your password is no longer the real password without the PIN. You will need to manage all these passwords here, you can generate a different password for different apps (it is recommended to do so instead of using one password for all apps in case you need to revoke the access of one particular apps). So far, I will just need to generate once for every apps, the only time I need to re-generate one is when I reinstall my device OS or wiping out the configuration. Good thing about this is that now I can login to my Google Apps account on a public computer (like in a cyber cafe, hotel's computer, airport computer, etc) if I really need to, I just need to make sure that I don't check Remember this computer for 30 days when entering the PIN generated by my mobile phone and also to log out when I'm done.
MacBook Pro
First thing I did was to set myself to run as "Standard User" under System Preferences > Users & Group. This setting will prompt for admin credential whenever I change any settings under System Preferences that is locked or whenever I want to install an app. Besides that, here are some of the security settings under System Preferences > Security & Privacy that was not turned on by default:
- Under General, set Require password immediately after sleep or screen saver begins. Make it a practice that when you are away from the device (for a toilet or water break), click Control-Shift-Eject to send the display to sleep and hence locking it immediately.
- Turn on FileVault and save the recovery key. This will encrypt the hardrive and make it inaccessible without proper login credentials. It will prevent non-authorizer from accessing the data inside the hardrive using external disk reader tools without the recovery key.
- Turn on Firewall and check Automatically allow signed software to receive incoming connections. Generally, firewall is good to have and I don't see this firewall creating much problems during day-to-day usage.
Other Devices
Since I'm using Blackberry and iPad to access some of the systems, I also make sure that the device is password protected and auto locking time is set to minimal.
Comments
Post a Comment