Where's Your Data Stored?

Where's Your Data stored?

I'd like to pose a question we should be asking ourselves often in this modern digital world: Where's my data?

Where is your data?
These days a person may own a computer, a smartphone, a tablet, and other Internet-connecting gadgets like a smartwatch. Each of these devices collects data we put into them, and data they gather about us. Here I'll focus on one set of important data we input: Personally Identifying Information (PII).

What is Personally Identifying Information (PII)?
PII can include your name, social security number (SSN), date and place of birth, mother's maiden name, etc. It can also relate to your unique medical, educational, financial, or employment information. PII can be exploited for identity theft and other crimes.

Know where your PII is stored. For example, do you keep your SSN, or those of family members, on your phone in the Contacts or in a notes app? This may be convenient, but it's risky. If someone steals your phone, or hacks it, the PII is exploitable.

So after answering the "Where's my data?" question, the follow up should be: "Is it safe there?"

Is your data safe there?
In the example of a smartphone, is yours password protected? Is it encrypted? If the answer is no, no, then do not store PII on the phone. If you are using an app like Lastpass on your phone to store PII, this app's vault encrypts the data. This is good protection, but still password-protect and encrypt your phone. Nothing is 100% secure.   

What if… your phone is lost or stolen?
The third data risk question to ask is: "What if?" For example, ask yourself, "What if my phone is lost or stolen?" Have a protocol you can follow quickly to minimize the potential for information theft, the first step being locating the phone and trying a remote wipe. 

If that isn't effective, then consider all apps and accounts you save on the phone that are password-linked and change those passwords on the website for those apps and accounts immediately! (If you haven’t done so already, make complex and unique passwords for each of those accounts.)

Don't keep any PII on a portable device
To err on the side of paranoia, don't keep any PII on a portable device, or for that matter any info that you don't want going public. Take measures to protect what’s most precious. 

Thanks for reading.
Sam

---

If you haven't already, you can subscribe to our email tips by visiting www.kokuadigital.com and entering your name, email, and "add to email list" in the request form, then click Send. 

Be Careful Which Data You Store on the Internet

Be Careful Which Data You Store on the Internet

What's the issue?
Photos, videos, emails, documents, spreadsheets, etc. - all the stuff you create on your digital devices and post or store on the Internet - are accessible to other people, and not just people you've shared them with. 

The internet is a public network and as such is a tempting target for hackers. Whether it's called the Web, the Net, or the Cloud, all services are running on a public platform.  

Cloud storage companies that host your email, your personal or company files, your precious pictures of family, etc. are usually doing their best to limit access to authorized users only, i.e. those users having passwords or other means of authentication. 

But the potential to score some valuable confidential data is very tempting. So cyberthieves are thriving by exploiting weak points in software all across the internet. 

Why is software so vulnerable?
Software - whether a web browser, PDF reader, email program, cloud application, etc. - is inherently insecure the moment it's released, whether it's a free or paid version. 

Computer code is too complicated to be perfectly debugged. That's why all software companies and programmers issue fixes, patches, updates, etc. for their programs. There's no way around it. 

Given this fact, and the growing opportunity and enthusiasm for cybercrime, we users must be suspicious from the outset whenever we do anything online, especially posting, storing, and sharing our data.  

How to improve protection of your data?
First decide what's confidential. Usually this includes anything you don't want others to see besides yourself or trusted people. Confidential data can range from the obvious - a bank account number - to the seemingly innocuous, such as a carefree photo taken of you at the beach. Data is like a gun; its potential for good or ill depends on the intent of the person wielding it.

If you are running a business and need to store confidential data online for staff access make sure there is strong encryption during the transmission and storage of the data. (I will write more about encryption in a subsequent article.)

When should you take action?
As soon as possible, take stock of the data you store online. 

After you determine which files you consider confidential, decide your risk tolerance for storing those files online. Translation: If the site storing the files got hacked, how vulnerable would you feel? 

And this begs the question: Why are you storing any confidential data online? (There are secure ways of storing passwords, data, account info, etc. using websites like lastpass.com)

Where can you find more info on this topic?
Here's an article posted on a Boston University page outlining the concerns of storing data in the cloud and which addresses the importance of encryption. 

Who can help?
If this all seems too technical but you are concerned and want to be better protected, you may want to hire an IT consultant. This is an especially good investment if you are responsible for data security in an office environment. 

In Sum
We don't leave our car doors unlocked or windows rolled down in public parking lots. We don't leave our home doors and windows unsecured when we're on vacation. We have some common sense in these areas. In this new digital age, we need to develop common sense concerning our private data. Not doing so can be very damaging to our finances, our identity, and our reputation. 

Thanks for reading.
-Sam