If You Want to Be Secure, Then You Have to Protect Yourself

A statement from Sergej Schlotthauer, VP Security at Matrix42, on data hacks of German politicians and celebrities


It’s difficult to imagine that a school student was the main suspect in a cyberattack that leaked reams of data belonging to German celebrities and politicians by presenting it to the public in an “Advent calendar” on Twitter. After all, the accused wasn’t even able to carry out two-factor authentication during the interrogation – a procedure which – to the best of the authorities’ knowledge – had been part of the attack. It’s much more likely that several hackers were involved in the crime, and that the truth remains under wraps. It’s incredibly difficult to track down the true culprits, and it’s almost impossible for the state and authorities to prevent attacks of this nature. If you want to be secure, then you have to protect yourself. But which option offers the right protection?

 

The secure password

As we all know, passwords are the first line of defense in protecting your data. We’re always warned not to use straightforward passwords, and advised to handle them confidentially. The directive of the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik – BSI) – which has been around for a few years – can be easily found online to help with this issue. But you’ll be amazed to find (time and time again) that 123456 is still the most commonly used password. How can that be? Funnily enough, this problem is probably linked to the BSI’s recommendations that a password should be complex and consist of different types of characters. However, this makes them difficult to learn by heart, especially since you need to use so many different passwords for different things these days.

 

The secure password manager

This means that you have to write them down somewhere, which gives rise to another problem. How do I make sure that passwords are available to me when I need them, while ensuring that third parties can’t steal them? This is where modern password managers can lend a helping hand. They serve as a safe on your computer or in the cloud. All you have to do is remember just one password to open the safe. You will find all your other passwords encrypted securely in the password manager.

 

The secure encryption

Encryption is the second security measure that is frequently brought up. While it won’t prevent your data from being stolen, it will make it unusable for data thieves. The work involved in cracking modern encryption codes is too much for run-of-the-mill hackers. However, encryption is used far too rarely, both in the private sphere and in the business world. But why is this? Convenience plays a major role here, as container encryption is the most widespread encryption method. This involves defining and setting up a container, before generating a password for it. All data that is placed in the container is encrypted. The container has to be opened using the password each time the data is needed again. This makes additional, tedious work steps necessary each time you want to encrypt or decrypt data. This also results in additional passwords being accumulated. But if you’re advised to encrypt everything, then why is the container needed at all? Why isn’t all data simply encrypted in a normal storage process? File-based encryption solutions or “on-the-fly encryption” do just that without needing additional work steps. You identify yourself once, and then the data is always accessible. If you also use two-factor authentication at the same time, then your data will be very secure in the future. The fact that it is simple to manage makes it suitable for both private and business IT users. When it comes to data used for business purposes, the EU GDPR stipulates that personal data must be encrypted – meaning that encryption also solves this issue.

 

A third important principle applies to the world of business: ‘Only a managed computer is a secure computer.’ All commercial IT devices form part of a company’s network and security management. Companies and organizations that use a solution that offers management and security for all endpoints from one source enjoy the maximum level of security.