Graham Hill is Information Security Manager at UWL and he lead sessions looking at how to stay safe online and make sure you don’t lose your data.
Why do backups?
Around 10 years ago I switched from Windows and bought an eye-wateringly expensive Macbook Pro to do music on. After a couple of weeks of installing, migrating and composing, I accidentally poured wine into it, quite a nice organic red as it happens. Some weeks later when I got another equally pricey Macbook Pro I was pleased to find that the backup I had taken had worked flawlessly – all my stuff was back, tho’ I was now broke. I am fan of backing up.
Graham explained the 3-2-1 rule, which basically says:
- Have at least three copies of your files, such as the original and two backups
- Back up in two different ways (in case the method itself doesn’t work)
- Have at least one offsite
Many people backup their computers to an external disk, which is fine but what if your house floods or you’re burgled and the computer and backup devices are pinched? This happened to a friend of mine. Keep a backup at a separate location.
You can use cloud-based systems such as Amazon, Google & DropBox (for personal items) or OneDrive but bear in mind that these aren’t backups in the traditional sense. They usually provide a means for you to sync your files across mutiple devices and share folders with colleagues and friends. Thus – you can edit a file on one device and the changes get moved over to the others. This is great for collaboration – but less great when one of the devices is compromised – say you share your folder with someone who uses a Windows laptop that gets infected with a ransomware virus that encrypts all the files it can find. The cloud-hosted files it has access to could be changed (scrambled) and that will filter through to each device you have. So share folders with caution.
That said, OneDrive is supported by UWL and offers a huge amount of storage, so it’s a very useful place to store files. We’ll see more of this as SharePoint starts to replace the ‘conventional’ shared drives at UWL.
Emailing a copy of an important file to yourself was a popular technique with the audience, however for sending important documents out to other people it’s better to never to attach a document, but have it in OneDrive and send a link to it, that way you retain control (you can disable the link for example).
Talking of email, it’s important to keep personal and institutional work email separate. Don’t use personal email for business and vice versa.
Online identity & security
Phishing is a huge problem, with realistic fake emails inviting people to click on links to compromised web sites. However it isn’t just email, with criminals using phone and social media as extra channels.
Be careful what personal information you put online, as it may be there for ever. Graham recounted stories of people getting over-excited about their new credit cards and posting images of those online. Likewise photos of offices have gone online, with visible post-its of passwords stuck on the wall. Needless to say, never write a password down.
Online identity is a huge area. Employers are starting to look at social media profiles when they recruit candidates, so it’s important to have a professional presence. I find it’s useful to have two separate Twitter accounts, one for work and one for everything else, but I still take care in what I say on either.
Making USB safer
Graham demonstrated a handy widget he had – a USB adapter that basically only lets power through – but no data. This means you can use it to plug your phone into a PC to charge, safe in the knowledge that no data transfer can take place. A bonus is that you’ll get a better charging time too, as some computers restrict the current they provide based on what device they detect being plugged in.
As we were leaving we spotted a student had left a PC logged in. We could have read their email, sent some apparently from them etc. We logged it out – but it shouldn’t need to be stressed:
- always log out!
And now I’m off to revise my backup strategy….