Everything Needs to be Secured

Types of Data
Has data really changed? Well technically no, data generated by computers and digital devices is still
groups of 1s and 0s. That has not changed. What has changed is the quantity, volume, variety, and
immediacy of the generated data.

Historically companies would have access to our information gathered from forms, spreadsheets,
applications, credit card purchases and other types of files. Much of the information was stored and
analyzed at a later date. Sensitive data was still collected, stored and analyzed but, historically, hackers
were more interested in hacking into systems to obtain corporate or government secrets.

Today, gathered data is taking on new characteristics. The digitized world has opened the floodgates for
data gathering. IoT sensor-enabled devices are collecting more and more data of a personal nature.
Wearable fitness trackers, home monitoring systems, security cameras, and debit card transactions are
all collecting personal data as well as business and environmental data. Data is often combined from
different sources and users may be unaware of this. Combining fitness monitoring data with house
monitoring data could produce data points to help map the movements or location of a homeowner.
This changing type of data collection and aggregation can be used for good purposes to help the
environment. It also increases the possibility of invasion of our privacy, identity theft, and corporate
espionage.

Personally identifiable information (PII) or sensitive personal information (SPI) is any data relating to a
living individual that can be used on its own or with other information to identify, contact, or locate a
specific individual. The data gathered by companies and government institutions can also contain
sensitive information concerning corporate secrets, new product patents, or national security.

Because we are gathering and storing exponential quantities of both sensitive and informational data, it
has increased the need for extra security to protect this information from natural disasters, hackers, and
misuse.
Who Wants our Data?

The Good Guys

Legitimate companies have an agreement in place that gives them permission to use the collected data
about you for purposes of improving their business. Remember those “Terms and Conditions” or “Terms
of Service and Agreements” documents that we say yes to but do not usually read? The next time that
you are presented with one, take the time to read through it. The contents might surprise you.

Other legitimate users of our data would be companies that use sensors on their own devices or
vehicles. Governments that have environmental sensors, and cities who have installed sensors on trains,
busses or traffic lights also have a right to the data they generate.

Some hackers, called white hat hackers, are paid by legitimate companies and governments to test the
security of a device or system. Their goal is not to steal or modify data but to help to protect it.

The Bad Guys

Other hackers, called black hat hackers, want access to collected data for many nefarious reasons:

• To sell the information to a third party.

• To modify the data or disable functionality on a device.

• To disrupt or to damage the image of a legitimate company.

• To access devices, web pages, and data to create political unrest or to make a political statement.

• To access user IDs and passwords to steal identities.

• To access data to commit a crime.

• To hack into systems to prove that they can do it.

Security Best Practices
Securing the network involves all of the protocols, technologies, devices, tools, and techniques that
secure data and mitigate threats. Network security is largely driven by the effort to stay one step ahead
of ill-intentioned hackers. Just as medical doctors attempt to prevent new illnesses while treating
existing problems, network security professionals attempt to prevent potential attacks while minimizing
the effects of real-time attacks. Networks are routinely under attack. It is common to read in the news
about yet another network that has been compromised.

Security policies, procedures, and standards must be followed in the design of all aspects of the entire
network. This should include the cables, data in transit, stored data, networking devices, and end
devices.

Some security best practices :

• Perform Risk Assessment

• Create a Security Policy

• Physical Security Measures

• Perform and Test Bakups

• Maintain Security Patches and Updates

• Employ Access Controls

Physical Security
Today’s data centers store vast quantities of sensitive, business-critical information; therefore, physical
security is an operational priority. Physical security not only protects access to the premises, but also
protects people and equipment. For example, fire alarms, sprinklers, seismically-braced server racks,
and redundant heating, ventilation, and air conditioning (HVAC) and UPS systems are in place to protect
people and equipment.

Figure one shows a representation of a data center. Select each circle for more information.

Physical security within the data center can be divided into two areas, outside and inside.

• Outside perimeter security - This can include on-premise security officers, fences, gates,
continuous video surveillance, and security breach alarms.

• Inside perimeter security - This can include continuous video surveillance, electronic motion
detectors, security traps, and biometric access and exit sensors.
Security traps provide access to the data halls where data center data is stored. As shown in Figure ,
security traps are similar to an air lock. A person must first enter the security trap using their badge ID
proximity card. After the person is inside the security trap, facial recognition, fingerprints, or other
biometric verifications are used to open the second door. The user must repeat the process to exit the
data hall.

Figure displays the biometric requirements at the Cisco Allen Data Center, in Allen, Texas.

Challenges of Securing IoT devices

IoT devices are developed with the necessary network connectivity capabilities but often do not
implement strong network security. Network security is a critical factor when deploying IoT devices.
Methods must be taken to ensure the authenticity, integrity, and security of the data, the path from the
sensor to the collector, and the connectivity to the device.
Safe Wi-Fi Usage
Wireless networks are popular in all types and sizes of businesses because they are easy to set up and
convenient to use. For employees and guests, the company needs to deliver a wireless experience that
enables mobility and security. If a wireless network is not properly secured, hackers within range can
access it and infiltrate the network.

Few Example To Help You Protect Your Wireless Network :

• Change the default administrator password

• The Change the network service set identifier (SSID)
• Do not advertise SSID name
• Create a Guest Wireless Network
• Enable the built-in firewall

Smart Homes

Smart home technology has become very popular and its popularity is increasing every year as the
technology evolves. Who doesn’t find it appealing to turn your home thermostat up or down while you
are at work, or to have your refrigerator order groceries to be delivered when you get home? How cool
is it to check on the dog or to verify that your teenagers are doing their homework after school by
activating your home security cameras?

As we install more and more smart sensors into our homes, we do increase the potential for security
issues. Often the sensors are connected to the same network as our home or small business devices so
that a breach of one device can radiate outwards to affect all connected devices. The sensors could also
provide a way for hackers to get into our home network and gain access to any PCs and data that are
connected to it.

Even virtual assistants such as Apple SIRI, Amazon Echo, or Google Home can be security risks. People
use these devices to turn on music, adjust room temperatures, order products on-line, and get
directions for where they are going. Can this cause any harm? It is possible that personal information
such as passwords or credit card information could be leaked.

Fortunately many of the security flaws of the early smart technology sensors have already been
discovered. Developers are working to correct the flaws and improve security measures to protect their
systems from attack. Before purchasing home security systems, it is very important to research the
developer and the security and encryption protocols that are in place for its products.

Public Hotspots

When you are away from home, a public Wi-Fi hot spot allows you to access your online information
and surf the Internet. Common activities on public Wi-Fi include logging into a personal email account,
entering personally identifiable information, logging into social media, and accessing bank or financial
information. All of this information could be stolen if the Wi-Fi connection is unsecure.

Safety rules to follow if you are using a public or unsecure Wi-Fi hotspot:

• Do not access or send any sensitive personal information over a public wireless network.

• Verify whether your computer is configured with file and media sharing, and that it requires user
authentication with encryption.

• Use encrypted virtual private network (VPN) tunnels and services. The VPN service provides you
secure access to the Internet, with an encrypted connection between your computer and the VPN
service provider’s VPN server. With an encrypted VPN tunnel, even if a data transmission is
intercepted, it is not decipherable.
Many mobile devices, such as smartphones and tablets, come with the Bluetooth wireless protocol. This
capability allows Bluetooth-enabled devices to connect to each other and share information.
Unfortunately, Bluetooth can be exploited by hackers to eavesdrop on some devices, establish remote
access controls, distribute malware, and drain batteries. To avoid these issues, keep Bluetooth turned
off when you are not using it.

Setting Up a VPN on Smartphones

A VPN is a secure network using an encrypted Internet connection that acts as a secure “tunnel” for
data. It can be created over the public Internet connection to enable users to hide their identity when
they are using the Internet. You should use a VPN service when you connect to a Wi-Fi network that is
not your own (e.g. at the library or coffee shop). It prevents others on that public network from
eavesdropping on your web use when you are using non-secure websites or communications.

Many businesses require VPN access into their internal networks if employees are working remotely or
are mobile. The employee will be provided with the VPN client, as well as user ID and password
information. For those who do not have access to a business VPN, there are many smartphone VPN
service applications that you can download for free or for a monthly fee. Examples of these VPN apps
include: ExpressVPN, NordVPN, and TunnelBear.

If you have a business VPN or if you download a VPN service application, they will provide the
information and support required to set up your VPN.

See Figure 1 for instructions to manually set up a VPN on an Android device.

See Figure 2 for instructions to manually set up a VPN on an iPhone or iPad.

Summary
This chapter began by discussing the types of data. Personally identifiable information (PII) or sensitive
personal information (SPI) is any data relating to a living individual that can be used on its own or with
other information to identify, contact, or locate a specific individual. Legitimate companies have an
agreements (Terms and Conditions or Terms of Service) that gives them permission to use the collected
data about you for purposes of improving their business. Other legitimate users of our data would be
companies that use sensors on their own devices or vehicles. Governments that have environmental
sensors, and cities who have installed sensors on trains, busses or traffic lights also have a right to the
data they generate.

Some hackers, called white hat hackers, are paid by legitimate companies and governments to test the
security of a device or system. Their goal is not to steal or modify data but to help to protect it. Black hat
hackers want access to collected data for many reasons, including selling it, damaging the reputation of
a person or company, and causing political unrest.

Next, the chapter detailed security best practices. Security includes physically securing the outside and
inside perimeters of places, such as data centers, where data is stored. Securing IoT devices is
challenging due to the sheer number of them, the fact that they are found in non-traditional locations,
and that many of them cannot be upgraded.
Black hat hackers frequently access available Wi-Fi. There are many steps you can take to protect your
company’s wireless network. To protect devices, keeps the firewall turned on, manage your operating
system and browser, and use antivirus and antispyware.

Safety rules to follow if you are using a public or unsecure Wi-Fi hotspot:

• Do not access or send any sensitive personal information over a public wireless network.

• Verify whether your computer is configured with file and media sharing, and that it requires user
authentication with encryption.

• Use encrypted virtual private network (VPN) tunnels and services. The VPN service provides you
secure access to the Internet, with an encrypted connection between your computer and the VPN
service provider’s VPN server. With an encrypted VPN tunnel, even if a data transmission is
intercepted, it is not decipherable.

As we install more and more smart sensors into our homes, we do increase the potential for security
issues. Often the sensors are connected to the same network as our home or small business devices so
that a breach of one device can radiate outwards to affect all connected devices.