data security | Jason Palmer, CPA, CITP

Data File Security

There was a time in the 1970’s through about 1995, before the modern Internet, when the person who managed your Information Technology could say with absolute certainty that he or she knew all of the possible entry points in to your network and exactly where your sensitive corporate data was stored.

In the early days of Information Technology, data resided on a mini-computer or mainframe that was installed in a special room that was physically locked in the center of your office space. Green Screen “Dumb” terminals were the only way to access the Corporate Data. There was no connectivity to the outside world. The only way data entered or exited your office was on paper or possibly a heavily guarded backup tape in-transit to an off-site storage location.

In the late 1980’s, the Green Screen “Dumb” Terminal begins to be replaced with the “Smart” Personal Computer. In fact, the mini-computer and mainframe for many applications also begins to be replaced by more powerful Personal Computers known as Servers. With the dawn of the Personal Computer, came the Floppy Disk, Zip Disk, and similar precursors to the modern day USB Flash Stick Drive.

Even though data was now being created and stored outside the highly secured “Server Room”, the Information Technology Manager still had a significant amount of control as floppy disk drives could be disabled. Data stored on Floppy Disks or Tape had the potential for “mobility” but could be serialized and tracked like any other corporate asset.

Few PC’s had direct communications capabilities to the outside world and even if they did, Modems were extremely slow. Since Modems used regular phone lines, and all pricing was “per minute” it was easy, even if after the fact, to notice a multi-hour phone call to AOL or Compuserve (early online services) and investigate.

Data, up until the turn of the century, mostly left an organization the old fashioned way: on paper. Again, depending on the volume of information being printed, the Information Technology person might notice excessive printing activity and then investigate.

After about 1995, with the accessibility of the Internet starting to become common place and significant price drops in the cost of Personal Computers, for the first time, an employee might actually be able to take data from the office and bring it home to continue working on it. Communication speeds increase dramatically and now instead of taking hours for a file to be transferred via Electronic Mail or a File Sharing Service, it takes minutes or seconds.

It is at this point in the timeline of the modern computer era that the Information Technology Staff can no longer say with any certainty or confidence that they “know were all of the corporate data is.”

No longer is the transport of sensitive corporate data limited to that which could be physically carried out the door on paper or a disk, but now it can be sent across town or across the country or globe in an almost untraceable manner over the Internet. I say almost untraceable because the tools were not widely available to the average Information Technology person, nor was there a mindset, of securing and tracking both the creation, management, and transport of sensitive corporate data in the majority of businesses. (Banks, Public Companies, and Government Agencies are generally the exception.)

As the realization hits home that data has become mobile, technology catches up and businesses start to create policies and implement tools that are able to track the movement of sensitive information within an organization and in many cases prevent it from leaving the confines of the company.

Tools to accomplish this include the ability to log the username of every person who accessed specific files, such as Microsoft Word Document or Excel Spreadsheet for real time or after the fact review (audit trails); Advanced Content Filtering Firewalls that can scan every email and attachment going in and out of a company via the Internet looking for key words that might indicate a security breach or espionage; and, Company Policy Manuals that explicitly and politely remind employees about the definitions of “Confidential” and “Proprietary.” Even though most every Personal Computer has a USB or CD/DVD drive, the Write functions can be disabled or password controlled as an added measure of security.

So when you walk in to your office today, take a look around and ask yourself, “Do you know where your sensitive Corporate Data is?” And, more importantly, “What have you done to secure it?”

If you or your Information Technology person cannot answer this question with the same certainty of 30 years ago, engage a Data Security Professional who can help put the “Genie back in the Bottle” and keep your sensitive corporate data secure.

VaultPress is the logical response to the expression, “It is not a question of if your WordPress site will crash and you will lose all of your data, it is just a question of when.”

A WordPress site, like any other web site is susceptible to hacking, a virus infection, or just a plain technical glitch that in a matter of seconds can erase hours or months of work. Backup, Backup, Backup is something that everyone is reminded to do but seldom does on a regular basis.

Traditional thinking says to backup your site once per day. In some cases the Site Hosting Company may do this for you. If the site is an active one with visitors posting comments or articles and media being added throughout the day, can you really afford to potentially lose the last 24 hours worth of content?

The VaultPress plugin is a realtime, continuous backup solution that will grab a copy of every post, comment, media file, revision and dashboard setting, every time a change is made to your site.

The Basic VaultPress plan, starting at just $15 per month includes: Realtime Backup, Automated Site Restore (for just files or the Database), Archiving of your site at a point in time, Statistical Information, a Backup Activity Log, Full Site Disaster Recovery (for when things go very bad) and Concierge Support Assistance to help you get started or in case of crisis.

The Premium VaultPress plan is $40 a month and includes all of the basic plan features plus various security scanning features and a slightly more seamless site migration solution for moving the site between servers (usually only for changing Web hosting companies.)

There is an Enterprise VaultPress plan at $350 a month that might be appropriate for very large and very active sites that have thousands of visitors daily and requires a rapid response and recovery time in case of a site failure.

The greatest thing about VaultPress is that it will backup a WordPress site of any size and can be installed and configured in about five minutes. Download and install the VaultPress plugin, add in the license key and that’s it. Within minutes VaultPress starts to backup the site. And every time any change is made, VaultPress initiates a process to backup that change.

I use it for JasonPalmer.com and it is the easiest and most seamless backup solution I have ever deployed.

Learn more about VaultPress at:
– http://www.vaultpress.com

It’s 2013 – Do you know where your sensitive corporate data is?

VaultPress Completely Automatic Backup for WordPress