Have you ever been tempted to steal The Crown Jewels? Probably not, as it seems an impossible task with huge repercussions. Nevertheless, we have recently seen how a group of men successfully breached security measures and got away with The Crown Jewels of Sweden in the middle of the day! Year after year we hear reports of massive companies being targeted and their security measures being successfully breached. Let's examine the types of security measures that the jewel thieves had to overcome and what we can learn from them.
Security Measure 1 - Security guards at various posts
Passwords can provide various layers of protection, so long as you don't use the same password on more than one account. For the sake of expediency we often fall into the trap of using the same password on multiple accounts. This can be as fatal as having one security guard looking after an entire location on his own.
Password Security Tips
Security Measure 2 - Jewels kept behind bullet-proof glass
Take advantage of encryption services to protect your data. Neglecting to encrypt your data is like leaving the jewel case open.
Encryption Security Tips
- Make use of commercial encryption services such as Boxcryptor for Dropbox
- WhatsApp allows messages to be encrypted
- Use GPG Suite to encrypt, decrypt, sign and verify files or messages
Security Measure 3 - Alert Alert Alert
The sooner you are made aware of a breach in your security the better: early warning helps minimise the damage done and makes recovery quicker. Make sure you set up alerts for unusual activity and monitor them regularly.
Security Measure 4 - CCTV
Monitor who has access to your data and credentials. Follow the rule of least privilege: if an individual doesn't need access to something, don't give it to them. If someone needs temporary access to a system, be sure to revoke that access when the need ceases.
When the Jewels are stolen
Plan for the worst, hope for the best. As we learned at the opening, even with the best security measures in place, data breaches are still possible. Make it hard for potential threats to get in and there is a high chance they will give up, at least for a while. Always have a disaster recovery plan in place and, above all, don't fall into the trap of thinking it won't happen to you.