Author: Robert Szczygielski

  • Company password policy

    Companies that store sensitive data and confidential information, the leakage of which must be avoided, look for the most effective methods of protecting themselves against such events. Unfortunately, not all companies remember that a password policy is a key element to consider. After all, the more employees a company has, the greater the risk that information leaks outside the company systems.

    Employers usually give employees quite a lot of freedom in choosing their login details. This often results in passwords that are very easy to crack, and thus unauthorized persons may gain access to sensitive data.

    What is the password policy?

    A password policy is, or at least should be, part of a larger document called the security policy, which in view of the new personal data protection regulations is required in every enterprise. Its task is to manage employee access and set standards for creating passwords, and thereby to ensure the security of the data processed in the company.

    This document should contain information about the procedures for changing passwords in individual systems. Systems containing personal data should force a change of password every 30 days. You can set any value for other systems, but passwords there should still be changed every 6 to 12 months.

    It often happens that users, during the password change procedure, simply re-enter their current password. It is therefore a very good habit to set a minimum period of at least 3 months during which the user will not be able to set the same password twice in a row.

    You should also make sure that an account is properly locked after a wrong password has been entered multiple times. This is important because it prevents brute force attacks, in which a password is cracked by an unlimited number of automated guesses.

    Last but not least, the password policy should also regulate good practices for creating and storing passwords. Above all, however, employees should be made aware of the password policy procedures that protect stored data.

    What should a good password look like and how to store it?

    Good password construction is the basis for creating an effective password policy. This means that there are a few rules to follow when creating a strong password:

    • Passwords should be different and completely unrelated to each service / system. It is not allowed to use the same word in each entry and only change the numbers at the end.

    • Passwords should not consist of words found in dictionaries.

    • The longer the password, the better – creating long but easy-to-remember passwords is good practice. It is important, however, that the words contained in the password have nothing to do with each other, e.g., RaspberryCrimeMessiChocolate. Such a long password will be very difficult to crack, although it consists only of words. By the way, they are easy to remember.

    • The use of numbers and special characters will certainly make the password harder to guess.

    • Avoid using the names of loved ones or pets, birthdays or name days in your password. Entries such as 123456 or qwerty are absolutely excluded.

    Remembering difficult passwords, or a large number of them, is not a big problem. However, remember not to write them on sticky notes placed in a visible place or on a wall calendar. This does not mean that all created passwords have to be engraved in memory. Here it is good practice to use “keychain” (password manager) programs. They remember each password for you and, in addition, hide them from the curious eyes of unauthorized persons.
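The rules described in this section (password history, account lockout after repeated failures, and the construction rules for a strong password) can be enforced in code. The following Python is an added example written for this page, not code from the original article: the word lists are constructed samples, the lockout threshold, lock duration and minimum length are assumed values to be replaced with those from your own policy, and the history check compares only salted PBKDF2 digests, never stored plaintext passwords.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample word lists; a real deployment would load a full dictionary
# and a list of known-breached passwords instead.
COMMON_PASSWORDS = {"123456", "qwerty", "password", "letmein"}
DICTIONARY_WORDS = {"raspberry", "crime", "messi", "chocolate", "summer"}


def hash_password(password, salt=None):
    """Return (salt, digest) using PBKDF2-HMAC-SHA256. The password history keeps
    only these digests, never the passwords themselves."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest


def check_password(candidate, previous=(), min_length=12):
    """Return a list of policy violations; an empty list means the candidate passes."""
    problems = []
    lowered = candidate.lower()
    if len(candidate) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if lowered in COMMON_PASSWORDS:
        problems.append("is a well-known weak password")
    # "summer2024" is still the dictionary word "summer": strip trailing digits first.
    if lowered.rstrip("0123456789") in DICTIONARY_WORDS:
        problems.append("is a dictionary word, possibly with digits appended")
    for salt, digest in previous:
        if hmac.compare_digest(hash_password(candidate, salt)[1], digest):
            problems.append("was used before and is still in the password history")
            break
    return problems


class LoginThrottle:
    """Locks an account for lock_seconds after max_failures consecutive wrong passwords."""

    def __init__(self, max_failures=5, lock_seconds=900):
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds
        self.failures = defaultdict(int)
        self.locked_until = {}

    def is_locked(self, user, now):
        return self.locked_until.get(user, 0) > now

    def record_failure(self, user, now):
        """Register a failed login at time `now`; return True if the account is locked."""
        if self.is_locked(user, now):
            return True
        self.failures[user] += 1
        if self.failures[user] >= self.max_failures:
            self.locked_until[user] = now + self.lock_seconds
            self.failures[user] = 0
            return True
        return False

    def record_success(self, user):
        self.failures.pop(user, None)
        self.locked_until.pop(user, None)


if __name__ == "__main__":
    history = [hash_password("OldPassphrase!2021")]
    for pw in ("qwerty", "summer2024", "OldPassphrase!2021", "RaspberryCrimeMessiChocolate"):
        print(f"{pw!r}: {check_password(pw, history) or 'OK'}")
    throttle = LoginThrottle(max_failures=3, lock_seconds=60)
    for second in range(3):
        print("locked after failure:", throttle.record_failure("alice", now=second))
```

The long passphrase from the text, RaspberryCrimeMessiChocolate, passes every rule even though each of its parts is a dictionary word, while summer2024 fails because stripping the digits leaves a plain dictionary word. The throttle takes the current time as a parameter so the lockout logic can be tested deterministically.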

  • Mail encryption

    Mail encryption ensures the complete confidentiality of correspondence, both the content of the electronic letter and its attachments. The use of cryptographic algorithms guarantees that no unauthorized person, apart from the intended recipient, will learn the content of correspondence sent via the Internet. In addition, the content of the e-mail remains encrypted even after the message has been received and saved in the mailbox on your computer. Reading the information contained in the message requires the recipient's private key each time.

    Encryption of messages can be done according to two alternative methods: OpenPGP and S/MIME, as described below.

    Mail encryption using the OpenPGP (PGP) method

    Authentication of recipients in PGP relies on a web of trust (WoT), in which users vouch for each other's identity. Simply put, this is done by exchanging keys between people who know each other. In practice, users of the network place a digital signature on another user's certificate (key) and thus confirm that user's identity. At the same time, the person who uses the key is also subject to verification.

    Mail encryption using the S/MIME (X.509) method

    This method uses digital certificates issued to users by a certification center (certification authority). User verification is therefore based on trust in the center that issues the identifiers. However, it should be noted that the center in no way confirms the identity of a user to whom such digital certificates are issued for free.

    In the event of theft or seizure of a private key by unauthorized persons, the key is revoked by means of a revocation certificate.

    Mail encryption with a private key – what you should know

    Both the PGP mechanism and the X.509 one use asymmetric cryptography, which relies on a pair of public and private keys to encrypt e-mail messages.

    The public key is, as the name suggests, public, so it can be freely sent even over unsecured network communication or published openly, for example on a website. The sender uses the recipient's public key to encrypt the information contained in the message. In turn, the message can be read only with the private key associated with the recipient's e-mail address.

    S/MIME digital ID – what you should know

    Digital IDs are a must when encrypting mail and signing correspondence using the X.509 method. Each user receives an individual digital certificate, also called a digital identifier, from the certification center or the company's IT department. When choosing a digital certificate, it is very important to opt for a trusted certification authority that is recognized by web browsers and popular e-mail clients. Otherwise, after encrypting the e-mail, you may receive a message saying that the message was encrypted with an ID that you do not trust.

    Comodo certificates are the most popular and are recognized by as many as 99% of e-mail programs. Each such certificate can be freely saved on a computer in the “certificate store” or on a “smart card”.

  • Securing mobile devices

    Information is the most valuable commodity for modern companies. Often, not only their proper functioning depends on effective protection of information, but also the achievement of the business goals that drive their development. It is worth noting that nowadays the most important company data is stored not only on computers. Telephones used by employees of virtually every company have successfully supplanted their older and definitely more powerful technological siblings. Today, the phone has ceased to be just a communication tool and has become a business partner in which a lot of valuable information is stored. Unfortunately, as phone capabilities develop, the risk of losing the data stored on them increases. However, there are ways to protect mobile devices from leaking confidential information. The three most effective methods of securing mobile devices are the following.

    1. Full control of the mobile device

    This method is usually used by enterprises that provide employees with company equipment for business purposes. The system is managed via a central console accessible from a web browser. A so-called “agent” application is installed on the employee's device, and all settings are applied automatically after being sent by e-mail. The management console is also used to define a policy for using individual devices. This mainly means specifying which applications the user will be able to use and what actions they will be able to perform on the device. In addition, it can enforce specific hardware settings for Bluetooth, GPS, Wi-Fi, VPN, incoming and outgoing calls, SMS and roaming. It can sometimes even restrict access to websites and network protocols, enforce a password policy and the use of specific anti-virus scanners, force the installation of required applications, or delete data in the event of theft or loss.

    2. Protection of company data in the business profile as a way of securing mobile devices

    The BYOD (Bring Your Own Device) trend is becoming increasingly common. In this case, an employee uses their own smartphone or tablet for business matters, and the scope of data protection is limited to business applications only, i.e. e-mail, calendar, contacts and task list. Access to these applications is, however, protected by a PIN code which, if entered incorrectly three times, locks the device or wipes all data from the company area. In addition, the defined settings may or may not allow attachments and documents to be opened from outside. As with the previous method, a security policy also applies here which, among other things, enforces password configuration rules, installation of anti-virus software, periodic scanning of the device and proper Wi-Fi and VPN settings. This type of management takes place via a central console connected to the Internet.

    3. Encrypted SSL communication

    This means encrypting access to company applications by combining SSL-encrypted communication with the server that provides those applications. All work in the company program is carried out on a virtual desktop to which every individually logged-in user has access, however without permission to copy data to their own device. All data saved in this way is stored in one secure place on the company server. This arrangement significantly strengthens the protection of the company's confidential information. The only condition for this method to work on a mobile device is to install a program which establishes a secure connection to the system server. This program is called Secure Access.

    Regardless of which method you choose, remember that information is now the most valuable asset of any enterprise. Therefore, protecting it against unauthorized access, on stationary as well as mobile devices, should be a priority. In the era of the Internet and the increased activity of cyber criminals, you can never be sure that someone is not trying to get hold of your company's confidential information at this very moment. Therefore, it is better to protect it in advance and not give unauthorized persons any opportunity to do so.

  • Spam – how to protect yourself?

    Spam, like viruses, is one of the biggest headaches for Internet users. Unwanted messages can make e-mail use more troublesome, but there are ways to fight spam effectively.

    What is spam?

    Spam is an electronic message that is sent, unchanged, to the e-mail addresses of many users. The main purpose of spam is advertising products or services, or sometimes inviting people to visit a website or an event. It is worth remembering, however, that spam is subject to the law, which prohibits sending commercial messages if the recipient has not agreed to receive them.

    Spam – how to deal with it?

    Once our e-mail address gets into the spammers' database, the fight against spam is very difficult. Although anti-virus programs are constantly updated and modernized and are increasingly better at fighting spam, they do not guarantee that the problem will disappear completely. The best solution is to follow a few key preventive principles that will protect us from spammer activities.

    1. Provide your e-mail address only to trusted partners; read carefully the terms and conditions of the service and the rules for processing personal data. Be careful when visiting pages that require an e-mail address to register.

    2. When providing your full e-mail address in public, replace the “@” with [at] and the “.” with [period]. This will make it harder for bots to harvest your e-mail address.

    3. Use contact forms instead of providing an e-mail address. Contact forms have special security features that protect against the scourge of spam.

    4. If you receive a “chain letter” that has been sent to several different recipients at the same time, ignore it.

    5. If you receive e-mail that you did not ask for, contact the sender and request that your address be removed from the mailing list. Each sender is required to comply with your request. Don't believe the notes about a one-time mailing or a public e-mail address.

    You can also use the option to block the sender by putting him on your own “black list”.

    6. Do not open attachments from unknown senders, because they are often a source of malware that will instantly infect your computer.

    7. Use JavaScript code to display your e-mail address and the mailto link on your website. Presenting an e-mail address this way should effectively prevent robots from identifying it.

    8. Never reply to spam messages and don’t use promotional offers to buy goods or services. The same applies to replying to messages claiming that you have won a contest in which you have never participated.

    9. Unsubscribe from newsletters that you do not read.
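Several of the rules above (the personal “black list” of senders in point 5, chain letters sent to many recipients in point 4, and attachments from unknown senders in point 6) can be applied automatically on the receiving side. The following Python is an added example written for this page, not code from the original article: it builds a few constructed sample messages with the standard library's email package and reports which rule each one trips. The sender lists, the risky extensions and the recipient-count threshold are assumed values to be replaced with your own.

```python
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed sample lists: senders we have chosen to block, senders we know personally.
BLACKLIST = {"spammer@bulk-mail.test"}
KNOWN_SENDERS = {"colleague@example.test"}
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".bat", ".cmd")
CHAIN_LETTER_THRESHOLD = 10   # assumed: this many visible recipients looks like a chain letter


def build_message(sender, to, subject, body, attachment=None):
    """Construct a sample message; `attachment` is an optional (filename, bytes) pair."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = to
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment is not None:
        name, data = attachment
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg


def visible_recipients(msg):
    """All addresses in To: and Cc:, as parsed by the email package's default policy."""
    addresses = []
    for header in ("To", "Cc"):
        if msg[header] is not None:
            addresses.extend(a.addr_spec for a in msg[header].addresses)
    return addresses


def classify(msg):
    """Return the reasons this message should be treated as spam or as dangerous
    (an empty list means no rule matched)."""
    reasons = []
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    if sender in BLACKLIST:
        reasons.append("sender is on the black list")
    if len(visible_recipients(msg)) >= CHAIN_LETTER_THRESHOLD and sender not in KNOWN_SENDERS:
        reasons.append("mass mailing / chain letter to many visible recipients")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS) and sender not in KNOWN_SENDERS:
            reasons.append(f"executable attachment {name!r} from an unknown sender")
    return reasons


if __name__ == "__main__":
    samples = [
        build_message("spammer@bulk-mail.test", "me@example.test", "Buy now!!!", "Cheap offers"),
        build_message("friend@example.test", "me@example.test", "Invoice", "See attached",
                      ("invoice.exe", b"MZ\x90\x00")),
        build_message("someone@example.test",
                      ", ".join(f"user{i}@example.test" for i in range(12)),
                      "Forward this to 12 friends", "..."),
        build_message("colleague@example.test", "me@example.test", "Lunch?", "12:30 today?"),
    ]
    for sample in samples:
        print(sample["Subject"], "->", classify(sample) or "clean")
```

The checks deliberately look at the parsed address (addr_spec) rather than the raw header text, so a display name such as “Your Bank <spammer@bulk-mail.test>” still matches the black list; the attachment rule is keyed on the sender, in line with point 6, so a known colleague sending a tool is not flagged while the same file from a stranger is.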

    These are only a few methods of protecting yourself against spam. In order to fight unwanted messages even more effectively, it is worth investing in an anti-spam program, which will additionally protect you against such threats. It is also important to regularly update the software that we use, because new versions contain numerous patches and comprehensive security packages.

  • Data recovery

    Data recovery is the process of restoring access to data lost on a storage medium. Unfortunately, it is not always possible to foresee and properly protect against an accident that will result in the loss of valuable data. The question is what to do once it happens.

    Regardless of whether the data was stored on a hard disk, server, laptop or portable media, there is a chance, and there are ways, to restore such lost data. This matters especially when for some reason we do not have a backup copy.

    Types of damage

    There are two types of damage that result in serious data loss from media.

    • Software (logical) damage – that is, damage to the logical structure of the data, but not to the medium on which the data is located. Usually, standard tools are enough to solve the problem. However, there are situations when the damage is so deep that it is necessary to seek the help of a specialist working in a data recovery laboratory.

    • Hardware (physical) damage – much harder to solve than logical damage. It is associated with mechanical damage to the media on which the data were saved. Usually, key components such as the heads, internal and external disk electronics, the motor or the platters are broken. Due to the complexity of the damage in this case, solving the problem requires the knowledge of specialists, the latest technology and laboratory conditions for data recovery. Usually such data can be recovered, but sometimes this can be quite expensive and therefore not always worth the effort.

    What to do in the event of data loss?

    In a situation where we suspect that a disk or other medium has been damaged, it should be turned off immediately and never turned on again under any circumstances. Usually, by reacting quickly and reasonably, we give ourselves a chance to recover the lost data. Moreover, it is important to remember that data should not be recovered on the problematic medium itself. Therefore it is best to copy the data to some other location instead of working on the damaged medium.

    In the next stage one should call the specialists and inform them what happened. They will certainly instruct you on how to act. When sending the storage medium by mail, remember to put it in an antistatic bag, wrap it with bubble wrap, and pack it carefully so that it does not get damaged even more during transport.

    Data recovery – stages:

    • Damaged media examination – during which experts determine the type of damage, the possibilities of recovering data, the time needed to complete the process and the costs associated with it.

    • Choosing how to recover the data – which laboratory technologies to use to bring the best results in the shortest possible time.

    • Data recovery.

    • Uploading recovered data to storage media.

    • Handing over to the customer.

    • Backup of recovered data and implementation of archiving methods to avoid similar situations in the future.

  • Computer – rules of usage

    We live in a time when technology has moved significantly forward, and the computer has become an integral part of everyday life, both at work and at home. Moreover, in many areas of life we have learned to rely on information technologies and the global Internet network, which over the past years has become the foundation of all virtual operations. Unfortunately, the Internet is also where most of the threats to users of IT devices come from. Therefore, just as with any other device, there are rules that apply when using computers, so that they remain safe for us.

    1. Take care of your data

    Each computer is a source of data about the work or personal life of its users. Nevertheless, a computer is just a device, on whose continuous functioning one should not fully rely. Therefore, if you store important files or documents on your computer, always remember to make a backup of them on a portable, external storage device. An ordinary USB stick or external disk with a capacity of several to several dozen gigabytes will protect important documents and files from being lost.

    2. Remember to install an antivirus program on your computer

    An anti-virus program is an absolute must for any computer, especially one with Internet access. It will help protect your device against attacks and malware. Often, we may not even realize that our computer has been infected by a virus that “silently” wreaks havoc among files and reveals itself only when it is too late. There are a lot of such threats to computers, which is why a good anti-virus program, updated on a regular basis, should be installed on each device. It is also worth remembering to regularly scan both your computer and the portable USB storage devices connected to it, which may also become a source of malware.

    3. Update

    Manufacturers of operating systems and web browsers regularly release updates available to all users. Usually, updates install automatically, so make sure you have not blocked the automatic-update functions in your computer's settings. Why is this so important? Updates patch vulnerabilities or fix errors found in previous versions of the software, which helps to maintain security on our computer.

    4. Get to know your computer and be aware of its limitations

    Each application, program or game has specific hardware requirements that must be met to ensure its proper operation. Some of these requirements are smaller, others larger, but it is always important to match the program or game installed on your computer to its parameters. Running the equipment beyond its capabilities may result in serious damage, such as the breakdown of a graphics card or a hard disk, which only causes unnecessary expenses related to the repair of the damaged component, or often even the replacement of the entire computer.

    5. Use the network with caution

    It should be remembered that even the best anti-virus protection will not replace common sense in everyday use of the web. Internet fraud is a growing problem to which no complete solution has yet been found. Unreliable sellers or phishing scams are just some examples of the threats lurking on the Internet. However, you can minimize those threats. All you have to do is follow the few rules given below.

    • Pay attention to the address of the page you want to view; in the case of a secure site, a green padlock appears before the URL, and the URL starts with “https://”; look at the page graphics and be alarmed by any change in them.

    • Think twice before sharing your personal data, a photo of your car, your home address, or even information on a social networking site that you have just gone on holiday abroad. The principle of limited trust on the network is advisable.

    • Don’t open suspicious-looking files, even if you received them in an email from your bank, friend or family member.

    • Cover the webcam built into the laptop. Just in case.

    A computer, especially one with Internet access, is undoubtedly a great invention. It helps a lot in everyday life, but it can also be fatal to unwise users. Common sense and obeying a few rules that should always be remembered will make the equipment we use our friend, not an enemy.

  • Virtual server for the company

    A virtual server is currently the most popular solution offered by hosting companies. At the same time, it is the most frequently chosen option, especially among small and medium enterprises. This tool is definitely more efficient than shared hosting and, at the same time, cheaper than a dedicated server. A virtual server is the best solution, for example, for an online store or a website that regularly attracts more and more active users.

    What exactly is a virtual server and how do you choose one to meet the needs of your company? The answers to these questions can be found in this article.

    Virtual server – what is it?

    To begin with, we should explain what a server actually is. To put it simply, it is a computer with high computing power that is permanently connected to the global Internet. Normally one puts e-mail boxes, website files and network services on a server. When you purchase a dedicated server service, you have one of the computers in the data center, constantly connected to the network, for your exclusive use. A virtual server, on the other hand, emerges as a result of dividing a dedicated server into smaller parts, which is done through appropriate software. So when we talk about a virtual server, we mean only a separate fragment of the disk space of a physical server, with administrator access for management and configuration of applications.

    What to look for when buying a server and how to adapt it to the company’s needs?

    When choosing a virtual server service, you should first of all focus on the stability and reliability of its operation. These features determine the security and performance of your website or online store. Therefore, one should choose a machine of good quality, one that will cope with many years of work in a multiprocessing environment and guarantee not only efficiency but also availability. The type of virtualization is equally important, because it can restrict the possibilities of adapting the server to the company's needs.

    Other parameters, such as disk space, speed or available memory, depend on the individual needs of the customer. Before making the final choice, it is worth considering what kind of Internet activities the server will be used for and how much disk storage will be needed for them.

    When running a blog, a simple web portal or a company website, the simplest virtual server option with 2 GB RAM, 40 GB disk space and 3 TB transfer is enough. For small online stores, a server with 4 GB RAM and 60 GB of space will be suitable. In turn, large stores should already invest in a service that guarantees at least 8 GB RAM and 80 GB of disk space.

    The advantage of virtual servers is certainly the fact that by choosing this option we do not have to buy an entire physical server. Instead, we pay a much lower subscription fee for only the fraction of it that we will actually use.

  • IT company – how to choose?

    The choice of IT support for a business is one of the key issues on which the proper functioning and security of an enterprise depend. Nowadays, it is difficult to imagine a business developing properly without comprehensive IT support. Contrary to what it may seem, it is difficult to find an IT company that fulfils all the needs of a client well, especially in the era of widely developed commercial marketing, which bombards consumers from all sides with attractive and nice-sounding advertising slogans.

    What to look for when choosing an IT company that will serve our company?

    1. Experience is the foundation of effective action

    First of all, you should look for a company that has experience in cooperating with similar entities. This seemingly insignificant detail is of great importance for smooth cooperation at the IT and business level. An IT company without experience may have problems with basic support and with implementing appropriate procedures that meet the client's needs. Sooner or later, such an inexperienced IT company can effectively hinder the achievement of business goals.

    2. The IT company should respond quickly

    The time in which an IT company responds to emerging technical problems seems unimportant at first, but in the event of a failure of a computer on which important data and files are located, a delay in the proper response can have serious consequences for the company. That is why it is advisable to cooperate with a flexible partner who will be able to support us in critical situations.

    3. Not quantity but quality of services

    Before making a final choice, it is worth finding out how the IT company whose services we intend to use communicates with clients: how quickly it responds to queries, whether it uses a notification system and whether it allows the client to continuously track the progress of its work. The approach to the customer, conversations, problems and negotiations are equally important. If, at the first contact, an IT company shows initiative and commitment, it is a good sign and a hint as to how cooperation will look in practice. Good communication will certainly improve cooperation and allow you to manage your working time during breakdowns.

    4. Specialist knowledge is worth its weight in gold

    The quality of IT services certainly also depends very much on the professional and specialized knowledge of the technicians who work in the IT company. IT specialists who take care of the company should constantly improve their qualifications, undergo training in new technologies, follow current technological trends and hold appropriate certificates for the services they offer. The effectiveness of cooperation will strongly depend on this.

    5. IT company and its reputation

    Checking the opinions of other customers of the IT company should always precede the choice of a potential IT partner. References issued by clients that have already used the services of a given IT company may prove to be a very valuable guide. Although the number of references is not always an indicator of high-quality services, the lack of any opinions about an IT company should be a worrying signal.

    6. IT company should take care of security

    This feature should come first in this article, because IT security is now a priority for every small and large enterprise. In the modern world, the threats facing users of IT systems are growing along with the development of information technology. This results in a natural need to implement the most effective tools for securing company systems, databases and customer information. An IT company that guarantees security must know how to protect business data from leakage and hacker attacks, as well as demonstrate knowledge of the restrictive GDPR rules.

    7. IT company and service costs

    For many entrepreneurs, the cost of services is the decisive criterion when choosing a company offering IT services. However, it is important to remember that the price is not always a good indicator of quality. The cheaper the service, the more doubts it should raise. This does not mean that an expensive offer is more valuable. However, what is actually included in the proposed service is certainly more important than its price. That is why paying attention to details is very important at the initial stage of communication with an IT company. Sometimes it is better to pay extra, but at the same time be guaranteed a faster response and greater availability of specialists. All this depends on the specific needs of the company.

    The elements we have highlighted in the text above are the most important, but not the only, issues to consider when choosing an IT company. The more information we get about a given partner, the greater the chance of establishing satisfying cooperation for many years. However, you cannot forget about the face-to-face meeting, which very often will tell you more than a large pile of good references, convincing advertising slogans or promises made.

  • Backup copy

    In the era of widely developed computer technology, companies have more and more goods in digital form and store much more data than they did only a few years ago. Threats to data security are difficult to eliminate completely, but there are ways to significantly minimize them. This makes it easier to reduce the losses that enterprises may suffer as a result of data loss. The foundation of a well-implemented IT security policy is the use of backups. A properly made backup copy ensures work continuity, as well as the ability to recover data or files in the event of a major failure.

    Below are some of the most common data storage methods that meet the diverse needs of enterprises.

    1. Online storage

    Online storage of data is colloquially called cloud backup. Currently, it is the simplest and most convenient solution, because it offers quick service and definitely lower prices for Internet connections. Companies commonly offer online mass storage as SaaS (Software as a Service), i.e. software where the application is hosted and shared by the provider and everything is done via the Internet. An undoubted advantage of this solution is also the fact that online storage allows backups to be done partially and does not involve any investment in advance. Unfortunately, data recovery using this method is more troublesome, because it is more time-consuming, especially when it is necessary to restore all data and files.

    2. DAS (Direct Attached Storage)

    This is a type of storage that is directly connected to a computer or server via internal or external disks. It consists of two basic layers. The first layer guarantees connectivity between storage nodes and the transmission of commands along with information about resources. The second layer is, in turn, a program layer that provides additional services. A definite disadvantage of this solution is the inability to create a full backup. It needs to be created in batches, which means that the stored files are often out of date.

    3. NAS (Network Attached Storage)

    NAS is network attached storage with capabilities similar to those of file servers. It consists of a physical device and data management software. Storage security for copied data is usually guaranteed by the RAID function, which uses two or more hard drives working together in the computer system. NAS therefore works as a file server which can be accessed through the company network. In addition, NAS can operate independently of the operating systems and platforms used in the company.

    4. Mass storage to protect against critical failure

    There are versions of DAS and NAS that protect enterprises against data loss in critical situations, such as flooding or fire, in which under normal conditions data can be damaged completely. Against potential risks of this type, special devices are used that are able to survive even a fire of prolonged duration (e.g. several tens of minutes) or flooding that lasts for several days.

    5. Backup copy stored in a private cloud

    This is a good solution for companies that are afraid of sending data to an external company offering a cloud service. The answer to such fears is the private cloud, which is chosen by many companies that in this way gain efficiency and flexibility. A good example of a solution that works in this way is Transporter. This is a network device connected to disk storage that allows downloading as well as sharing and synchronization of data or files located on the disks of computers, laptops or other Transporters. There are also devices that allow computers to connect directly and synchronize data with other media via the Internet while encrypting the transmission channels at the same time.

    6. Backup copy and offline media

    These are mainly tape and optical media, such as Blu-ray or DVD, which are used to store offline backups. In many ways, this solution may seem outdated, but one should definitely not give it up completely. Sometimes a device which is not connected to the network can save the company's data. This was the case even for Google during the failure of Gmail services.

    A backup copy should be an absolute priority for every company. There are really many possibilities for creating and storing copies of company data, depending on the needs. Nevertheless, it is always worth using the 2 + 1 method, which involves creating at least two full backups of important files and storing them on two separate, independent disks. The third copy should additionally be carefully stored on an offline disk. Such an approach will certainly ensure business continuity without interruptions, even in the event of sudden failures or the loss of one of the backups.
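A backup copy is only worth something if you can tell that it is still intact. The 2 + 1 scheme described above, as an added example written for this page (not code from the original article or from any backup product): the source tree is copied to three destinations and a manifest of SHA-256 digests is stored next to each copy, so that any copy can later be verified on its own, without access to the original. The directory names, the sample files and the simulated corruption of one copy are constructed for the demonstration; in practice the three destination paths would be two independent disks and one offline medium.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_of(path):
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(source):
    """Map each file's path (relative to `source`) to its SHA-256 digest."""
    source = Path(source)
    return {p.relative_to(source).as_posix(): sha256_of(p)
            for p in sorted(source.rglob("*")) if p.is_file()}


def backup(source, destinations):
    """Copy `source` to every destination and store the manifest next to each copy.
    In the 2 + 1 scheme, `destinations` are two independent disks plus one offline medium."""
    manifest = build_manifest(source)
    for dest in map(Path, destinations):
        if dest.exists():
            shutil.rmtree(dest)
        shutil.copytree(source, dest)
        (dest / "manifest.json").write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return manifest


def verify_backup(destination):
    """Return the relative paths that are missing or whose content no longer matches
    the manifest; an empty list means the copy is intact."""
    dest = Path(destination)
    manifest = json.loads((dest / "manifest.json").read_text())
    return [rel for rel, digest in manifest.items()
            if not (dest / rel).is_file() or sha256_of(dest / rel) != digest]


def demo(base=None):
    """Constructed scenario: three copies, one of which silently gets corrupted.
    Returns {copy name: list of damaged files}."""
    base = Path(base) if base else Path(tempfile.mkdtemp(prefix="backup-demo-"))
    source = base / "source"
    (source / "reports").mkdir(parents=True)
    (source / "reports" / "q1.txt").write_text("Q1 revenue figures (constructed sample)\n")
    (source / "contracts.csv").write_text("id,client\n1,ACME\n")
    copies = {name: base / name for name in ("disk-a", "disk-b", "offline")}
    backup(source, copies.values())
    # Simulate bit rot or a failed write on the first disk.
    (copies["disk-a"] / "reports" / "q1.txt").write_text("Q1 revenue figures (corrupted)\n")
    return {name: verify_backup(path) for name, path in copies.items()}


if __name__ == "__main__":
    for name, damaged in demo().items():
        print(f"{name}: {'OK' if not damaged else 'DAMAGED ' + ', '.join(damaged)}")
```

Because the manifest travels with each copy, verification of the offline medium can be done on any machine at restore time, and a damaged copy is detected before it is relied upon rather than during an emergency restore, which is the failure mode the 2 + 1 rule is meant to guard against.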