Please Don’t Steal This Data

Please Don't Steal This DataStealing profitable data is a big business in today’s always on, connected world.  Just one look at the news headlines and you can see evidence of this everywhere.  JPMorgan Chase, Home Depot and recent revelations about nude celebrity photos breached on Apple’s iCloud service are some of the latest to hit the news.

Stealing information is done primarily for one reason – to make money.  Over 40 years ago Abbie Hoffman wrote “Steal This Book” to advocate rebelling against authority.  Today it’s a good idea to think about rebelling against those who want to steal your identity and intellectual property for their financial gain.

Unfortunately stealing information has become very sophisticated using automated scripts.  Gone are the days when teens did this for kicks in their basements.  Most of the cyber attacks and other ways of stealing your information are done by organized crime, intelligence agencies, governments and groups intent on disrupting economies.  An example is a recent accusation by SolarWorld Americas, the largest manufacturer of solar panels in the US, that the Chinese military stole important business documents from its computers.

The US Commerce Department estimated that US businesses lose $250 billion and 750,000 jobs each year to the theft of intellectual property.  The International Chamber of Commerce estimated this figure to be $600 billion internationally.  This doesn’t take into account stealing of credit card information, social security numbers, medical records and a host of other information.

So how do you protect your business and personal information from exposure?

The best approach is to encrypt your information using techniques that are not easily broken.  If you encrypt a file with a simple password, that won’t stop this type of attack, since these passwords are easily guessed.  If you use disk encryption tools on your computer, that’s fine if your computer is stolen, but doesn’t help if someone transfers the files to another destination.

If you want to encrypt your files and guarantee ultimate control over them, you need to use a data-centric security policy that moves with the files.  Rather than relying on the computer used to encrypt them, you need an independent system that’s tied into your directory service, like Microsoft Active Directory or LDAP.  The system encrypts your files and lets you control who can access the information inside them.  That’s actually better than local encryption, since you can give some people limited access to your files and still protect them.

This is really important as you use cloud computing.  If you use DropBox, Google Drive, Apple iCloud or another file storage/sharing service, you want to control access to your files at all times.  You don’t want someone hacking into your account and seeing sensitive information.  By applying a persistent security policy to your files, you can access them anywhere and still protect them.  Best of all is that you can ensure someone stealing your files won’t be able to use them.  If a hacker or other unauthorized user gets the file, they will just have a bunch of random data.

If some of the companies and individuals in the headlines locked their confidential files with a persistent security policy, we may never have heard about these incidents.  This level of file protection guarantees that hackers, governments and snoopers won’t compromise your information and make you the next headline.  Choose to use it rather than putting yourself at risk.  If you don’t, I can guarantee you that someone will steal your data.

 

Photo credit lovelypetal

Leave a Reply