1.2. Securing Data at Rest


When your data is stored on a hard drive, on a server or in the cloud, it is in a state called “data at rest”. There are two other states, “data in use” and “data in motion”. While the rest of this chapter will teach you how to secure your information at each stage, this sub-section focuses on how you can keep close tabs on who has access to your folders on your network.

The first step is to change the password of the administrator account on your laptop or computer. Sometimes there is no administrator password, or only a very short one, which allows hackers to gain access to the device easily. The second step is to minimise the time you spend using your computer with administrator rights. A computer or laptop running Windows typically gives the primary user full rights automatically. Set up a new admin account on your computer and use it only when necessary. Limit the user rights of your normal account to a minimum. This reduces the chances of your device being infected with malware, because your normal account no longer has the right to install applications. You should also not have guest accounts, so that others cannot misuse them.

Encryption
The next step is to encrypt your device and the data on it. Encryption means encoding messages or information so that only authorised persons, who have the correct password to decrypt the file, can read them. Use a strong password to prevent hackers from cracking into the system easily. Be aware that encryption makes your device operate slightly slower than usual.

Hard drive encryption
Imagine a big gate in front of your house that keeps strangers from entering. This gate is only safe when you lock it with several chains from the inside. This gate is like your hard drive. Encrypting the hard drive puts protective ‘chains’ on your computer that make it difficult for hackers to enter. To ensure that the chains are strong enough, use AES 256, one of the most successful encryption methods to date. Recommended software products to encrypt your hard drive are VeraCrypt (for Windows) or FileVault (for Mac).

Data encryption
When you encrypt your hard drive, you automatically lock the data on it, too. It is only necessary to encrypt individual data files if you want to be doubly secure. This prevents potential spies from accessing or reading documents on your device. Recommended software products for data encryption include ‘Bitlocker’ and ‘VeraCrypt’ (Windows), ‘FileVault’ (Mac), or ‘Crypto Disk’. It’s also possible to pack files together in one encrypted archive using ‘7-Zip’ (Linux).
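
The account steps and the encryption advice above can be checked on a Windows machine with a short read-only audit. This is an added example, not part of the original guide; it assumes Windows PowerShell 5.1 run elevated from the administrator account, and it only sees BitLocker, so a drive encrypted with VeraCrypt will be listed as unprotected.

```powershell
# Added example: read-only audit of local accounts and BitLocker volumes.
# Assumes an elevated session (Get-BitLockerVolume needs administrator rights).
$findings = @()
$users = @(Get-LocalUser | Where-Object { $_.Enabled })

foreach ($u in $users) {
    # The built-in Guest account always has a SID ending in -501.
    if ($u.SID.Value -like 'S-1-5-21-*-501') {
        $findings += "Guest account '$($u.Name)' is enabled"
    }
    # PasswordRequired = False means the account is allowed to have an empty password.
    if (-not $u.PasswordRequired) {
        $findings += "Account '$($u.Name)' is allowed to have no password"
    }
}

# Only the dedicated admin account should sit in Administrators
# (well-known SID S-1-5-32-544); the everyday account should not.
$enabledSids = @($users | ForEach-Object { $_.SID.Value })
$adminUsers = @(Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Where-Object { $enabledSids -contains $_.SID.Value })
if ($adminUsers.Count -gt 1) {
    $findings += "More than one enabled admin account: $($adminUsers.Name -join ', ')"
}

# Every volume, USB drives included, should be protected with a 256-bit AES method.
if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    foreach ($vol in Get-BitLockerVolume) {
        if ($vol.ProtectionStatus -ne 'On') {
            $findings += "Volume $($vol.MountPoint) is not protected by BitLocker"
        } elseif ("$($vol.EncryptionMethod)" -notmatch '256') {
            $findings += "Volume $($vol.MountPoint) uses $($vol.EncryptionMethod), not AES 256"
        }
    }
} else {
    $findings += 'BitLocker cmdlets are not available on this edition of Windows'
}

if ($findings.Count -gt 0) {
    foreach ($f in $findings) { Write-Warning $f }
} else {
    Write-Output 'No findings: accounts and BitLocker volumes match the advice above.'
}
```

The script changes nothing on the machine; each warning it prints corresponds to one of the steps in this sub-section.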

USB encryption and backups
A USB device is another place where journalists store information, so these devices need to be protected in a similar fashion to computers and phones. You might also use a USB as a back-up for these primary devices. You may wish to make various copies of your information in case something goes wrong with your data, but make sure each of these backups is encrypted.