Data in Transit
Data in transit, or data in motion, is data actively moving from one location to another such as across the internet or through your private network.
1. HTTPS: Only use websites where you know they are encrypted, and secured using a trusted certificate. Modern day browsers should warn you if there is an issue with the certificate but use of the padlock icon next the the website address. The below image is an example of a secure site.
2. Trusted Networks: Perform sensitive tasks on private networks only unless you can be sure that no one is listening to the network traffic. Here is a story around abuse of a public Wi-Fi attack performed at Starbucks [hacked-starbucks-wi-fi-hotspot]. A common method used in public networks is the Man-in-the-Middle (MITM) attack, the cybercriminal sits between your computer and a website or service you are trying to access. This will allow the cybercriminal to monitor your Internet traffic without you knowing this is happening.
3. VPN: VPN’s are a method to secure your network traffic where ever you are. If you are out at a clients office or grabbing a coffee. This will encrypt any and all traffic once the VPN is connected. VPN is by far the most robust protection you can get to protect your privacy and stay secure on public WiFi at the same time. There are many services out there where you pay a monthly fee and can connect and disconnect at the click of a button.
Data at rest is data that is not actively moving from device to device or network to network such as data stored on a hard drive, laptop, flash drive, or archived/stored in some other way.
1. PC / Laptop: It’s crucial to understand when using any Laptop, Desktop or Mac things are not encrypted by default, you must set this up yourself! With Windows 10 is encryption is built into the operating system, but only for Windows Professional and up. If you are a Windows Home you are exposed to some risk and should upgrade as soon as possible. Without this its easy to take the storage out of the device and connect it to another computer and read all your sensitive data
2. Network Storage: If you have some network attached storage (NAS) in your office you must make sure that this is encrypted, just because it seems more secure doesn’t mean it is. Similarly to PCs and Laptops before, if someone takes the device they have complete access to all of your businesses sensitive data.
3. Cloud Storage: Some cloud storage providers will automatically encrypt your data where as some other may not. Some offer a shared responsibility model where you have to set up encrypt and provide or generate encryption keys. If you are unsure you should always check.
4. Backups: How ever you make sure your data is backed up you must also ensure the method you are using protects that copy of your sensitive data. As if this was to get into the wrong hands you business is opposed.
Drop us a message or give us a call and we will be in touch to help you gain a better understanding
Date: January 14, 2020
Author: Magnetar IT
