Secure Your Sensitive Data

Published Date
01 - Apr - 2006
| Last Updated
01 - Apr - 2006
 
Secure Your Sensitive Data
In this little article, we present the basics of how to protect access to sensitive data on your computer. Follow one or more of these tips based on how much of a paranoiac you are!

Use A BIOS System Password
One of the basic ways of securing your PC is to prevent it from even booting unless a password is entered. This is achieved by assigning a system password in the BIOS. Once you enter the BIOS, look for an option that says "System Password."


Set a supervisor (system) password


Set the password check to 'Always' or 'System'

Usually, you can either set a BIOS Password, which prevents open access to the BIOS, or a System Password, which allows booting only if a password is entered. Assign a System Password when prompted. Once the password has been confirmed, you can save your settings and exit the BIOS. (On some BIOSes you need to change a Security or Password setting under 'Advanced BIOS settings' to read 'System' or 'Always'.  Now, when your computer restarts, you will have to enter the password during booting. This can be your first line of defence. However, the BIOS password can be reset by someone who knows his way around the motherboard. But such a person risks being caught opening up your computer's cabinet! Even then, let's look at some other things you can do to keep your files from being opened by others.

The Windows Password
If your guest account is enabled in Windows 2000 or XP, you may turn it off so only registered users and the Administrator can get into Windows. This setting can be accessed by going to User Accounts in the Control Panel. This should take care of most intruders except for the really determined ones who, given enough time, can boot off a CD or USB drive and copy or read your files. This is time-consuming, but possible nevertheless.

Encrypting Files
Even if someone does get into your system, you can still prevent them from opening your files, by using XP's encryption feature. Encrypted files can be opened only by the user who encrypted it. It will still be possible for other users to delete them. This system is OK in cases where losing a file is better than someone else knowing its contents.
Even if the encrypted file is copied onto another machine, it is not possible to open it without a Security Certificate imported from the computer on which the encryption was done. The encryption feature works only with the NTFS file system.


Right-click on the File > Properties > Advanced > Encrypt files 

Passwords in MS Office
If you want to go a couple of steps further in making your documents secure, you can assign a password to your MS Office and OpenOffice.org files from within the software. In MS Office applications, you can assign a password by going to File > Save As > Tools > Security Options. Here, you can assign passwords for modifying or even viewing the file.

If you are working on files such as images that cannot be password-protected, you can add your files to a WinZip archive-or, if you have Adobe Acrobat, then to an Acrobat file-and assign a password to it.

Choosing a good password
  • Avoid using dictionary words.
  • Use many characters.
  • Use numbers randomly in the password.
  • Upper case should be used in part.
  • Special characters such as @ and ^ may also be used if the software permits it.

Destroy them for good!
Just like you would shred sensitive documents that are no longer needed, break CDs / floppies that contain personal data before throwing them away.

When you delete your files from the Recycle Bin, the raw data of the file is retained on the hard disk. To permanently delete the data, use file shredding software such as Simple File Shredder (www.scar5.com).

The paranoid geek!
Some of us don't stop here-we change the extension of the file, rename it to make it look like a system file, change the date attributes and then move it to the Windows folder where no one can identify it unless they know the exact file name. File hiding software such as Magic Folders and Gate Keeper offer encryption and hiding of files. Then, there are also mechanisms by which Windows can be set such that it will start only if a USB drive with some authentication files is inserted.

One last word: there is no system that cannot be beaten given time and expertise. The only way to totally secure your computer would be to prevent physical access to it. Sorry, but that's the way it is!




Team DigitTeam Digit

All of us are better than one of us.