Tag: phishing

Whether it’s due to hardware failure or simple obsolescence, most companies find themselves with a stack of laptops or a crate of desktops that simply aren’t seeing use. Whether they’re shoved into a closet at the fringes of the office or sitting in a corner of an IT experts WFH desk, these devices are taking up space.

Eventually, it becomes necessary to dispose of them. But there are two important factors to consider. The first is the environment– there are specific avenues to ensuring safe disposal. The second is security and data protection. Even factory reset machines can still contain bits of sensitive information, accessible by anyone savvy enough to know where to poke around.

If you don’t have a formal policy already, it’s important your company create and distribute one immediately, both for wiping sensitive data and when and how to dispose of the hardware itself.

Cleaning and Wiping Old Computers

When it comes to old computers that are no longer in use but contain sensitive data, simply deleting files or formatting the hard drive is not enough. These methods do not completely erase the data and leave it vulnerable to being recovered by malicious actors. To ensure your data is properly wiped:

1. Use Data Wiping Software: Utilize specialized data wiping software that overwrites the entire hard drive multiple times with random patterns of data. This process ensures that previous data cannot be recovered.
2. Consult IT Professionals: If you’re unsure about the process or dealing with complex systems, consulting IT professionals can provide expertise in securely wiping data without risking accidental data leakage.
3. Remove and Destroy Hard Drives: For extremely sensitive information or when retiring computers, physically removing and destroying the hard drives is a foolproof method. Shredding or degaussing the drives renders them unusable and ensures data cannot be recovered. In some instances, it may make sense to keep and archive the hard drives themselves.

Safely Disposing of Old Computers

Once data has been securely wiped from old computers, the next step is environmentally responsible disposal:

1. Recycling Programs: Many electronics retailers and manufacturers offer recycling programs for old computers and components. These programs ensure that electronic waste is properly disposed of or refurbished for reuse.
2. Certified E-Waste Recyclers: Choose recyclers certified by recognized standards (e.g., R2, e-Stewards) to ensure that recycling practices meet environmental and data security standards.
3. Donate or Sell Responsibly: If your old computers are still functional, consider donating them to schools, nonprofits, or refurbishing programs. Ensure data is wiped before donation or sale to protect sensitive information.

Should You Keep Hard Drives?

Whether to keep hard drives depends on your organization’s policies and legal requirements. In general:

• Data Retention Policies: Follow internal policies and legal requirements for retaining data. If data is no longer needed or if keeping the hard drive poses security risks, it’s best to securely wipe or destroy it.
• Backup and Archival: Consider archiving important data to secure storage solutions or cloud services before disposing of old hard drives.

Office maintenance isn’t just about dusting off desks and organizing files—it’s also about responsibly managing digital assets like old computers. By securely wiping data and responsibly disposing of old computers through recycling or donation, you not only protect sensitive information but also contribute to environmental sustainability.

FileMaker is an incredibly powerful tool for managing relational databases. Of course, the nature of this platform means a variety of sensitive material may be stored on these databases. From employee social security numbers to client’s banking info to company finances, it’s crucial to ensure this data is safe and secure.

Below are some easy-to-implement but powerful best-practices every company using FileMaker should utilize.

1. Implement User Authentication and Access Controls

One of the fundamental principles of database security– and digital security in general– is controlling who has access to your data. FileMaker provides robust user authentication features that allow you to control access at multiple levels. Utilize privilege sets to define different levels of access for various user roles within your organization. Implement strong password policies (including requirements for complexity and regular password changes) to enhance security.

2. Use Two Factor Authentication (2FA)

Two Factor Authentication (2FA) is the wave of the future and now is the time to embrace it. 2FA is the practice of requiring two forms of identification to log in. Typically, this is a standard password plus either an email with a unique code or an authenticator application that generates a one time password (OTP). Google, Azure, Apple ID, and AWS all offer 2FA systems; some businesses choose to utilize a custom authority setup.

3. Encrypt Data at Rest and in Transit

Encryption is essential for protecting your data from unauthorized access, both at rest and in transit. FileMaker supports encryption of data at rest using industry-standard encryption algorithms. Ensure that encryption is enabled for your databases to prevent unauthorized access to sensitive information. Additionally, use SSL/TLS encryption to secure data transmission between FileMaker clients and servers, especially when accessing databases over the internet.

4. Regularly Update FileMaker Software

Keeping your FileMaker software up to date is crucial for staying protected against security vulnerabilities and exploits. FileMaker regularly releases updates and patches to address security issues and improve overall system stability. Make it a priority to install these updates promptly to ensure that your databases are protected against known security threats.

5. Utilize FileMaker Server for Centralized Management and Security

FileMaker Server offers centralized management capabilities that streamline database administration and enhance security. By hosting your databases on FileMaker Server, you can take advantage of features like scheduled backups, automated updates, and enhanced user authentication options. FileMaker Server also provides additional layers of security, such as SSL encryption and external authentication options, to further protect your data.

6. Audit Trail and Logging

Maintaining an audit trail of database activities and logging access attempts is essential for detecting and investigating security incidents. FileMaker allows you to enable logging options to track changes to your databases, including modifications to records and access attempts by users. Regularly review audit logs to identify any suspicious activity and take appropriate action to mitigate potential security risks.

7. Secure FileMaker WebDirect Deployments

If you’re using FileMaker WebDirect to provide web access to your databases, it’s essential to ensure that your deployments are secure. Follow best practices for web server security, such as configuring firewalls, implementing SSL encryption, and regularly updating server software. Limit access to sensitive databases by implementing authentication mechanisms and access controls to prevent unauthorized access.

8. Educate Users on Security Best Practices

Finally, educating users on security best practices is critical for maintaining a secure FileMaker environment. The best security features can be rendered useless by a user carelessly sharing passwords, not following best practices, or even sharing confidential information in a phishing attempt.

Train your users to create strong passwords, recognize phishing attempts, and follow proper data handling procedures. Encourage users to report any suspicious activity or security incidents promptly.

Securing your FileMaker databases requires a combination of robust security features, regular maintenance, and user education. By implementing these best practices and staying informed about the latest security features, you can effectively protect your data from cyber threats and ensure the integrity and confidentiality of your FileMaker databases.

Of course, you can always reach out to Kyo Logic here with questions on security and how to improve. We’d be happy to help you evaluate current systems, identify opportunities, and provide you with the next steps to ensure security and compliance. We can even get a suitable training platform in place for your employees.

In an information age of cloud storage and remote collaboration, we tend to take our access to date for granted. Unfortunately, that level of accessibility is exactly what leaves businesses prone to issues– system failures, phishing and malware, and physical damage can cause sudden and catastrophic problems for companies that do any degree of business online.

Data backed up in the cloud isn’t necessarily safe, and some backup methods are more secure than others. It’s important to understand what constitutes a “good” backup system, how to proactively protect your data, and what to do if your backups fall short.

Let’s start with a sobering reality: having backups stored haphazardly or accessible to malicious actors is akin to locking your front door but leaving the windows wide open. While it may give you a false sense of security, it’s not enough to thwart determined threats. Whether it’s multiple backups stored in one physical location or backups susceptible to phishing attacks and malware infiltration, the risks are manifold.

What Threatens Backed Up Data?

Bad agents–that is, anyone looking to steal or corrupt your data– have a variety of tactics to get into your system. “Phishing” is the act of attempting to get sensitive data simply by asking for it. Hackers will often impersonate other employees or vendor representatives and request login or payment info. With the right login info, these hackers can easily access your data– no brute forcing or technical expertise necessary to even gain entry. Of course, this puts your data at risk of deletion, theft, and corruption.

“Malware” meanwhile, is software used to manipulate or damage computer systems. It could be a program that simply renders a computer useless. It could also damage entire networks of computers. Businesses backing their data up across a series of virtual machines could see malware corrupt all that valuable data nearly instantaneously.

Of course, employees wouldn’t purposefully choose to download or run malware. That’s why malware is often used in tandem with phishing– seemingly innocuous emails are sent with the intention of getting employees to click on links or run this software.

While we often think of the digital threats, there are also much simpler issues that could render your data useless. Flooding, fires, and storm damage could completely destroy physical servers. While it’s impossible to predict or fully protect against natural disasters, backing your data up across physical (and digital) locations will ensure these problems don’t wipe out everything.

What is a GOOD Backup Strategy?

So, what constitutes a “good” backup strategy? First and foremost, redundancy is key. Backups should be stored in multiple locations – both onsite and offsite – to mitigate the risk of a single point of failure. Cloud-based backups offer an extra layer of security, ensuring your data remains accessible even if your physical systems are compromised. Regular testing of backups is also essential to identify and address any vulnerabilities before disaster strikes.

Despite your best efforts, there may come a time when your backups are rendered useless. Perhaps they’ve fallen victim to a sophisticated cyberattack or succumbed to the forces of nature. In such scenarios, having a contingency plan is paramount. Whether it’s leveraging data recovery services or rebuilding your systems from scratch, swift and decisive action can mean the difference between a minor inconvenience and a full-blown catastrophe.

Having backups is non-negotiable in today’s digital landscape. However, simply having backups is not enough – they must be robust, redundant, and resilient to withstand the myriad threats lurking in the shadows. By following best practices, staying vigilant against emerging threats, and having a solid contingency plan in place, you can ensure that your backups are more than just a safety net – they’re a lifeline in times of crisis.