Have you downloaded a trusted app with malware on it?

Most people nowadays are equipped with some form of computing device - laptop, desktop, smartphone or tablet. I'm willing to throw my two eggs at the wall and say 80% of those people have very little insight into their device and how weak their security is regarding their personal privacy.

I could be wrong, of course. In all probability, the percentage may be higher than that.

Who and what you trust is the fundamental basis to preserving your privacy; improving your security infrastructure or if it is of critical interest for you to remain anonymous when browsing online.

To reduce the level of risk against you, be skeptical of any weblink before clicking and learn what to look out for when it comes to websites. For 99.9% confidence, .. type in 'HTTPS://' yourself!

When safeguarding their IT infrastructure, many business owners lessen the number of things they trust - including themselves as they understand people make mistakes - including themselves. More mistakes happen in tandem made with parrallel rises in pressure so they put systems in place to mitigate the risk.

In order to protect your data, wise decisions must be made when it comes to trust.

Choosing what software, encryption, operating systems, storage, internet provider password managers, what downloads to download - did I forget anything?

Ultimately, you trust the people you choose to protect your data.

Evaluating consistency over time and having a contingency plan in place is one risk based approach you could take instead of trusting immediately. This form of approach is sensible because everything presents a level of risk. Some acceptable. Some not.

By distributing shared levels of trust among those you wish to distribute it to, you mitigate any risk and and are inadvertedly in a better position to manage it.

Leaps of blind faith tip the scale toward higher levels of risk. Your business is too important for that.

Continual evaluation of people, systems and processes within a business and deliberately designating degrees of trust to qualified personnel demonstrates a more intelligent leap of faith. Amen!

Maybe you want to store files online. You may wish for the ability to synchronize files online so staff can access them easily and improve levels of productivity. In this case, You will need to choose a storage provider. Dropbox is a popular option so you to keep up with the Jones, you choose Dropbox.

In this scenario, trusting that your files won't be hacked is naive to say the least. You should never trust they wouldn't lose or change your files. This is what I call being 'tech-wise'. You have to prepare for the worst. Make risk-based choices. How important is it for your files to remain private?

If peace of mind is important to you -  is it not better practice to eliminate the possibility of your data being altered and for it to always be available whenever you need it and exactly how you left it?

You are one smart cookie if you choose to backup your files in a seperate location as well as encrypt the files; by encrypting files client side via a service with a decryption key only you have.

This way you distribute the trust to an alternative backup device and to yourself via encryption.

There are services online such as 'zero knowledge' encryption systems. This is when a provider has zero knowledge of what it is they are hosting for their clients. This zero knowledge system goes some way to providing a system you do not need to trust too much in terms of confidentiality and privacy. You would still need to trust them to keep your files available and not change them. If your files were extremely sensitive - I wouldn't trust a claim of a zero knowledge system as they can always make changes or recode it as they have control of the app. Humans are imperfect by default and with the nature of coding being a complex task; mistakes are easily made. Hackers prey on these mistakes.

If your files are important, you can always add another level of encryption - you'll just need to be super organised with all your passwords!

One critical thing to be aware of is applications having secret backdoors. A sensible approach would be to run an app in an isolated VM to stop it being able to communicate with your original operating system. Applications often have malware. I recommend sandboxing applications before trusting them. This way, you isolate the application, evaluating it and mitigate the risk. Distributing the trust.

If that sounds too 'techy' or you just don't have the time to learn this stuff, one of our expert engineers can take care of it for you so you can focus on matters more central to your business.

 

Huw Tremlett

Data Management Consultant

Huw Tremlett