By Having Good Updating and Decommissioning Procedures
Protecting customers’ sensitive information is one of the most important things your business can do. If customers can’t trust you to protect their interests, they will look elsewhere to spend their dollars. Technology advances at such a rate that it is hard to keep up with IT security best practices. But keep up we must.
Peoples Voice has published several blog posts with tips about information security for business owners and operators over the years. This post addresses two problem areas that are of particular concern to business owners and operators: old computers and software updates.
Why you care about how you dispose of old computers
If the cars parked outside home garages and the revenue stream of storage companies suggest anything, it’s that we have a hard time knowing what to do with old stuff. Who knows when we might want to recover grandmother’s old couch? It might be worth something; it’s too big to move and there is no convenient way to dispose of it.
For some reason, we have no such angst when it’s time to replace a computer. There are plenty of charitable organizations who will be only too happy to take your old computer off your hands.
However, your old computer is far more valuable to your personal security than the old couch. You should never dispose of or donate a computer with its hard drive intact.
Just because you think it has little value doesn’t mean it actually has little value or that it won’t be used against you. Security expert Brian Krebs writes that “nearly every aspect of a hacked [or donated] computer and user’s online life can be and has been commoditized. If it has value and can be resold, you can be sure there is a service or product offered in the cybercriminal underground to monetize it.”
In the parlance of information security professionals, computer storage contains up to eight threat “vectors” or points at which your personal information could be stolen or used inappropriately. The bad guys would love to hack your computer so they could:
- make it a web server for all sorts of really bad things (child porn, spam site, etc.);
- execute email attacks using your cached personal or work email account;
- steal “virtual goods” such as online gaming assets, operating system license key, etc.;
- hijack your reputation or personal ID using stored credentials (Facebook, LinkedIn, Twitter, Google, et al.);
- collect account credentials (eBay, Amazon, Netflix, corporate servers, signed certificates);
- use financial credentials to enrich themselves (bank account data, stock trade information, etc.);
- disrupt internet operations via bot activity to guess account login passwords and user IDs;
- seize control of important accounts or threaten public disclosure of secrets (hostage attacks).
Better to think defensively than to assume you will somehow escape a threat to you and your company. Such defensive thinking will lead you to destroy any hard drive before the computer is donated to charity or recycled.
Keep your software up to date to reduce threats. Here’s how.
The biggest threat to your computer’s security is its user. The second biggest threat to your computer’s security, however, comes from the installed operating system and software. The rule of thumb is “if installed, it should be up-to-date.”
For Windows users, the current version is Windows 10. For Mac users, the current version is OS X El Capitan (macOS Sierra is coming in the Fall of 2016). So keep your operating system up-to-date.
Some complained about Microsoft’s aggressive Windows 10 upgrade efforts. The fact remains that past versions of Windows OS (Windows XP, Windows Vista, Windows 7, Windows 8.x) are known to be widely exploited to deliver up sensitive information. Microsoft has made a good-faith effort to protect users by making the new OS free for any device running Windows and giving developers years to get their programs ready for Windows 10.
The more difficult process is keeping individual software applications current with updated patches and versions. Fortunately, there are very good tools to help. FileHippo’s App Manager is one free application that will keep your computer system up-to-date. Another solution is Secunia’s Personal Software Inspector. Both of these apps will alert you when updates to third-party software are available.
Protect your assets by keeping computer operating systems and software up-to-date and by ensuring information storage is not inadvertently left intact when decommissioning the device(s).