Trust and IT
Aug 3, 2023
Data Privacy

Small businesses have more options than ever when deciding where to keep their data. That data can be the regular, easy-to-identify documents, spreadsheets and payment information, or it can be things like your contact lists, project plans or proprietary processes. You have some options for how all this can work for you. I’ll go over a few here.

First Tier – SaaS

There aren’t many options that are easier than storing all your digital stuff on one of the many Software as a Service platforms out there. Just pay Google or Microsoft a little money each month and it’s all handled for you, so convenient! Make sure you always use strong passwords (and a password manager) for these accounts, and if you can do Multi-Factor Authentication, that’s even better. These services are secure as long as you do your part to keep them that way. A potential drawback is that when these services change their feature set or terms of service, those changes could impact your data privacy or the way you have gotten used to using the service.

Second Tier – Self-Managed Cloud providers

If you want a little more control over your data privacy, you can opt for a Cloud provider like AWS, Azure or many others. Moving into this area will get you the ability to customize how all your data is stored, transferred and worked with. After you secure the environment with firewalls and VPNs, you can choose from a wide variety of Groupware, CRMs, project managers and communications tools that will all have encryption to ensure your data privacy.

Third Tier – In-House Servers

This tier used to be the most prohibitively expensive path to data privacy. Those days have changed thanks to virtualization. You can now buy a few off-the-shelf small PCs, link them all together for redundancy and make an environment that offers the highest degree of data privacy. Since your data can’t leave your location without your permission (firewalls and VPNs again), you have the highest level of data privacy. You’ll have to take extra care to make offsite backups.

Each of these has its own pros and cons, so you should review your options before making a change. There are also some combinations of these tiers that make for a good fit for most use cases.

Jul 14, 2023
You only need to remember one password

Passwords play a crucial role in our digital lives, granting access to various online accounts. Despite their importance, passwords can be a hassle, leading to re-use and security vulnerabilities. But until AI changes everything in ways we can’t yet predict, we still need to use passwords to access all our various accounts.

We’ve all fallen victim to password fatigue, using the same password across multiple accounts. When you signed up for that obscure account to get free ice cream from a now defunct site, did you use the same password you always use? Its security may have been compromised, and then your login and password are out there on the dark web waiting to be tried on Amazon, bank sites and other places you have been. Site hacks like that happen with ever increasing frequency. You can do a quick check by putting your email into haveibeenpwned.com; it will show you if that email is present in any of the known data breaches.

Your password should really just be long. If your password is 8 characters with just letters with some upper case included, it takes a trivial amount of time for a modern hacker on a fast computer to crack it. However, increase the length to 18 characters, and it would take a trillion years.
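To see where numbers like these come from, here is a small added example (not code from any particular password manager). It assumes an attacker who can try 100 billion guesses per second against a stolen password hash and a password made of randomly chosen characters; the rate and the function names are assumptions for illustration.

```python
import math
import secrets
import string

# Assumption: 100 billion guesses per second, roughly an offline attack on a
# fast, unsalted hash with GPU hardware. Slower hashes lower this rate.
GUESSES_PER_SECOND = 1e11
SECONDS_PER_YEAR = 365.25 * 24 * 3600

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def alphabet_size(password):
    """Number of symbols an attacker must consider, from the classes used."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))

def entropy_bits(length, alphabet):
    """Entropy of a password whose characters are picked uniformly at random."""
    return length * math.log2(alphabet)

def years_to_exhaust(length, alphabet, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every possible password of this length."""
    return alphabet ** length / rate / SECONDS_PER_YEAR

def generate_password(length=18, alphabet=string.ascii_letters):
    """Random password drawn from the operating system's secure generator."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def report(password):
    """Summarise length, alphabet, entropy and exhaustive-search time."""
    n = alphabet_size(password)
    return {"length": len(password), "alphabet": n,
            "bits": round(entropy_bits(len(password), n), 1),
            "years": years_to_exhaust(len(password), n)}

if __name__ == "__main__":
    # "qTzRwLbK" is a constructed 8-letter sample, not a real credential.
    for sample in ("qTzRwLbK", generate_password(18)):
        print(report(sample))
```

These figures only hold for random passwords; a dictionary word or a re-used password falls far sooner than the math suggests, which is why letting the password manager generate them matters.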

So how can you remember only one password and still be safe? That one password is to your password manager system. Password managers handle all the challenges with passwords, like re-use and complexity, automatically. There are several to choose from out there. LastPass was recently hacked, so they are not a great choice. 1Password and Bitwarden are still looking good, and Proton Pass is new and promising. If you have several people in your business who work with too many passwords, most of these have a good group plan, but only Bitwarden offers a way for you to “self host” for no recurring costs per user.

Password managers offer several key advantages:

  1. They will allow you to use unique, strong passwords for each account you have because you just need to unlock it with that one password you remember. If one account is compromised, the breach won’t spread to others.
  2. When creating new accounts or changing an older password, they will create and store new, very secure passwords, eliminating the need to remember them.
  3. Plugins for browsers and mobile mean that you get logged into your accounts even quicker. Most will recognize a site they know about and enter your credentials automatically.
  4. You will be able to create a structured way of securely sharing passwords within your organization for those that need them.

Using the browser’s password management is the first stop for many in this journey, but that’s not recommended because it lacks the same level of encryption as a dedicated password manager. Optimal security will use something called zero-knowledge encryption. This ensures that your passwords remain entirely private, with no possibility of external parties accessing them.

Using a password manager is a great step towards making your online activities safer. It’s important to pick a system that will meet your specific needs and provide the best security for your situation. You might also find that it can make some of your more tedious login workflows a little easier, once you get used to it. You might even be able to take most of those Post-It notes off your monitor.

If your business needs help with a Password and Security policy, I’d be happy to help out.
