How to prevent data loss on a computer

How to avoid the loss of data on a computer

For any company, data loss is catastrophic, particularly in the age of technology, where business depends on digital information to optimize their marketing, communication opportunities, and transaction processes.   A critical aspect of a data management plan is to reduce the risks of data loss.

The first goal should be to avoid the loss of data from taking place in the first place. There are several factors that may contribute to the loss of data.

The following illustrates a few sources of data loss:

1) Failures on hard drives

2) Unintentional deletions (user error)

3) Computer viruses & infections with malware

4) Theft of Computers

5) Power irregularities

6) Damage caused by spillage of beverages or liquids.

But if a failure does occur, then you should adopt some best practices to improve the recovery chances.

Secondly, in the cloud basket, don’t put all your storage eggs. For cost-effective storage, the cloud is important, but it does have some risks that should not be overlooked.  There have been several cases of data loss by a user simply losing their device or hard drive, so speak about best practices with team members. USB sticks are much more fragile and as a means of longer-term storage, they should never be used.

Here’s a look at some of the safest ways to secure your information from loss and data theft.

1. Back up at an early stage and sometimes

The single most significant move in preserving your data from failure is to periodically back it up. How frequently can you back up? How much information can you afford to lose if your machine crashes absolutely depends on that? A week’s job? Job for a day? One hour of work?

You could use the Windows-built backup utility (ntbackup.exe) to perform simple backups. To simplify the process of making and restoring backups, you can use Wizard Mode, or you can manually configure the backup settings and schedule automatic backups to be completed dynamically.

There are also various backup programs from third parties that can provide more advanced solutions. Whatever software you use, in case of fire, hurricane, or another natural disaster that can kill your backup tapes or disks along with the original data, it’s necessary to store a copy of your backup offsite.

2. Diversify backups

You still want more than one system for backups. 3-2-1 is the general law. You need to have 3 backups of whatever is really necessary. They can be backed up in at least two separate ways, for example, on a hard drive and in the cloud. In the event that your physical office is harmed, there should always be an off-site backup.

3. Using protection at file level and share-level

The first step is to set the permissions on data files and directories in order to keep others out of your data. You can set sharing permissions to restrict what user accounts can and can not access the files across the network if you have data in network shares. With Windows 2000/XP, this is achieved by pressing the Permissions button on the Sharing tab of the Properties Sheet file or folder.

These share-level permissions would not, however, extend to anyone who uses the local computer upon which information is stored. If you share your system with someone else, file-level permissions (also referred to as NTFS permissions because they are only available for files/folders stored on NTFS-formatted partitions) must be used. Using the Protection tab on the Property Sheet, file-level permissions are set and are far more granular than share-level permits.

In both situations, users may set permissions either for user accounts or teams and from read-only to full control, you can allow or refuse different levels of access.

4. Password-safeguard

Many productivity apps, such as Microsoft Office and Adobe Acrobat applications, allow you to set individual document passwords. You must enter your password to open the folder. In Microsoft Word apps, to password-protect a file, go to Tools, Options and click the Protection tab. In order to open the file or make changes to it, you can set a password. The form of encryption to be used may also be set.

Regrettably, the password protection offered by Microsoft is reasonably easy to bypass. On the market, there are applications designed to recover Office passcodes, such as Advanced Office Password Recovery from Elcomsoft (AOPR)  (AOPR). Like a regular (non-deadbolt) lock on a door, this form of password defense can discourage casual would-be intruders but can be circumvented reasonably easily by a committed intruder with the right instruments.

You may also use zipping tools such as WinZip or PKZip to encrypt and secure documents.

5. Using encryption using EFS

Support for Windows OS File System Encryption (EFS). To secure individual files and folders stored on NTFS-formatted partitions, you can use this built-in certificate-based encryption tool. It’s as simple as picking a check box to encrypt a file or folder; just press the Advanced button on the General tab of its property management. Notice that you cannot simultaneously use EFS encryption and NTFS compression.

EFS requires, for both security and performance, a mixture of asymmetric and symmetric encryption. A user must have an EFS certificate to encrypt files with EFS, which can be provided by a Windows certification authority or self-signed if there is no CA on the network. The user whose account has authenticated the EFS files can be accessed by the user or by a designated retrieval agent. You may also appoint other user accounts for Windows, but not Windows 2000, that are allowed to access your EFS-encrypted files.

Notice that EFS is for disk data protection. If you send a network-wide EFS file and someone uses a sniffer to catch the data packets, the data in the packets will be readable.

6. Using encryption on disk

There are several products available from third parties that will permit you to encrypt an entire drive. Entire disk encryption locks all the contents of the drive/partition of the disk and is transparent to the user. As it’s submitted to the hard disk, data is automatically encoded and automatically decrypted before being loaded into storage. Inside a partition, some of these programs will build invisible containers that behave like a secret disk inside a disk. Other users only see the details on the “outer” disk.

For encrypting removable USB sticks, flash drives, etc., disk encryption services can be used. Some allow a master password to be created along with secondary passwords you can give to other users with lower rights. PGP Whole Disk Encryption and DriveCrypt, among many others, are examples.

7. Using public-key infrastructure

A framework to control public/private key pairs and digital certificates is a public key infrastructure (PKI). Because a trustworthy third party (a certification authority, either an internal one built on a certificate server on your network or a public one, such as Verisign) issues keys and certificates, certificate-based security is more robust.

By encrypting it with the public key of its intended user, which is open to everyone, you can safeguard data you want to share with someone else. The creator of the private key that matches the public key is the only one who will be able to decrypt it.

8. Conceal data with digital signatures

A steganography software can be used to conceal data within other data. For example, a text message may be hidden within a .JPG graphics file or an MP3 music file, or even within another text file (although the latter is difficult since there is not a lot of redundant data in the text files that can be replaced by a hidden message). Steganography does not encrypt the message, but in combination with encryption software, it is sometimes used. First, the data is encrypted and then concealed by the steganography program inside another file.

The sharing of a secret key is needed by some steganographic techniques and others use public/private key cryptography. StegoMagic is a common example of steganography software, an opensource download that encrypts messages and hides them in files.TXT,.WAV, or.BMP.

9. Protect in-transit data with IP protection

You can capture the data as a hacker with sniffer software flies across the network (also called network monitoring or protocol analysis software). You may use Internet Protocol Protection (IPsec) to secure your data while it is in transit—but both sending and receiving systems need to help it. Microsoft’s Windows 2000 and later operating systems have built-in IPsec help. IPsec does not have to be known to applications because it works at a lower stage of the networking model. Encapsulating Security Payload (ESP) is the confidentiality protocol IPsec uses to encrypt data. It can work in tunnel mode, for protection from gateway to gateway, or in transport mode, for protection from end to end. You need to build an IPsec policy to use IPsec in Windows and choose the security features and IP filters that it will use.

IPsec configurations are setup via the TCP/IP Protocol Properties Sheet on the Advanced TCP/IP Settings tab of the Options tab.

10. Stable wireless transmissions

The information you sent over a cellular network is much more vulnerable to capture than the information sent over an Ethernet network. Hackers do not need physical access to the database or its devices; if the wireless access point is not configured safely, anyone with a wireless-enabled portable computer and a high-gain antenna may catch data and/or get into the network and access data stored there.

Only wireless networks that use protection, preferably Wi-Fi Protected Access (WPA), which is stronger than Wired Equivalent Protocol, can send or store data (WEP).

11. To maintain access, use rights management

You may use Windows Rights Management Services (RMS) to monitor what the recipients are capable of doing with it if you need to send data to others but are concerned about securing it once it leaves your own system. You can assign rights, for example, so that the recipient can read the Word document you sent, but can not edit, copy and then save. You can prohibit recipients from sending them e-mail messages and you can also schedule files or messages to expire on a certain date/time so that they can no longer be reached by the recipient after that deadline.

You need a Windows Server that is configured as an RMS server to use RMS. In order to access RMS-protected documents, users need client software or an Internet Explorer add-in. A certificate must also be downloaded from the RMS registry by users who are given privileges.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top