Recent Events

Encryption and Information Security

 

Jessy Irwin and Tracy Maleeff

Tracy Maleeff, Principal, Sherpa Intelligence, and Jessy Irwin, a security and privacy professional, discussed some issues around information security. Tracy did a survey that asked respondents the biggest concerns they had about security, and the most often one mentioned was data privacy. Companies are starting to recognize that data is a liability because it is something to steal.

Here are some issues to consider.

  • What are we using our data for and why are we collecting it? Retention is one of the most important concern; you probably do not want to keep a 30 year old database online!
  • Be sure you are following the best practices possible because someone will always find a way to steal your passwords. If you are not updating your operating system, there is not much point in using strong encryption.
  • Backups are very important; be sure your policy matches what you actually do.
  • Collect the least amount of data necessary for your operations, which will require training for staff members.
  • Sometimes people will create security work-arounds, which may be an indication of a system that is too inconvenient to use easily.
  • How can libraries create encryption programs and balance the dissemination of their information?

Encryption comes in 2 types: open and closed source. Closed source encryption means the tools are not available from the provider.  Many people like open source tools because they are readily available. The most important place to start focusing on encryption is the web browser. Make users aware of the lock symbol indicating secure browsing.

One tool that you can use is a password manager. Keep answers to security questions in your password manager, and let the manager generate your master password. Password reuse is the biggest privacy and security problem on the internet.

Some points to remember:

  • Sometimes you cannot tell if your account has been breached. Have I Been Pwned is a blog that will tell you.
  • Turning off auto-update is an easy and simple thing to do. Sometimes the updates will crash your system; it is a good idea to wait a day or two before applying the patch.
  • Data insurance can force you to take a responsibility for security of the data in your environment.
  • Everyone in a community must work on security. See staysafeonline.org, a website of the National Cyber Security Alliance.
  • What hackers really want is an open network, not things like homework, library book catalogs, etc.

 

Comments are closed.