Public Services and Procurement Canada
Symbol of the Government of Canada

Institutional Links

 

Important notice

This version of Favourite Articles has been archived and won't be updated before it is permanently deleted.

Please consult the revamped version of Favourite Articles for the most up-to-date content, and don't forget to update your bookmarks!

Search Canada.ca

Are you concerned about data security?

André Guyon
(Language Update, Volume 9, Number 4, 2013, page 28)

My friends usually feel safe when they’ve installed antivirus software on their computers. I like to ask them whether they also have software to protect themselves against identity theft, for example. Indeed, whether you like it or not, the security of your data also concerns your identity, and criminals who get their hands on your personal information will do anything you could imagine with it. And things that you could not even conceive of!

I’m not trying to scare you. I’d just like to help you understand certain risks and give you a few practical tips on how to reduce them. Unfortunately, in 2013, we have to be vigilant not only at the office but also at home, when travelling and with our telephones. My new smart phone, which I love, contains more of my personal information than my home computer, including information on my comings and goings.

To illustrate what I mean, I’ll share an amusing analogy. The insects and rodents that invade homes have reasons for entering them. They want to find food, shelter in the winter, a place to reproduce and so on. How do they manage to do this? They invade through openings in the building structure and get into walls without being detected.

Cybervermin also invade your privacy. They devour your personal information, which they use to steal from you, your friends and your acquaintances. Sometimes they try to take control of your wireless network or your computers to commit criminal acts. You could be used as a buffer between them and the police, and you could end up being accused of crimes perpetrated through your computer system.

Cybercriminals can easily access thousands of slave computers whose automated processes can be used to continually expand their army of malware bots.

Wireless networks are proliferating. It’s a bit like our homes being full of openings big enough to let all kinds of small harmful animals get in.

Routers

Routers provide minimal protection, which creates a false sense of security. Let me tell you about some unfortunate experiences I’ve had.

One day, I got home with a brand-new router from my Internet service provider. It had a password written under the router. I connected to Internet by satellite only to discover that there was already an intruder on my network. The intruder was perhaps present without being aware of it. I had just hooked up the router. As I live practically out in the country, only four or five houses near my home could "see" my network. This showed that:

  • The security level was too low.
  • The default password was too short, even though it was practically impossible to memorize.

What did this mean? Without the right security level and a good password, the router was like a sieve.

A few practical solutions

  1. Choose the most up-to-date security level, namely WPA-2 or at least WPA (Wi-Fi Protected Access). If you want to experience what I went through, choose WEP (Wired Equivalent Privacy).*
  2. Create a password that is as long as possible and includes:
    • At least one uppercase letter
    • At least one lowercase letter
    • At least one number
    • At least one special character that is neither a letter nor a number
  3. Create a password that is easy to remember. Otherwise, you’ll have to write it on a piece of paper.**

The problem is that even if you’re younger than me, 20-character computer product code passwords are about as easy to remember as the telephone book. But there’s no need to panic! Here’s how a person in his or her fifties can remember a password that will be good enough to resist the most common algorithms used to crack passwords.

Think of a sentence or statement that sticks in your mind. For example, you could use "Who stole the cookie from the cookie jar?"

Take the first letter of each word and keep the question mark. This is what you get in this instance: Wstcftcj? Hard to guess, isn’t it?

My password contains a combination of lowercase and uppercase letters. As it doesn’t have any hyphens or numbers, I could add a hyphen to the end of the password and replace the letter s with the number 5. With another password, I could replace an l with a 1 because both characters look similar on the screen, so someone watching me type my password wouldn’t be able to tell them apart! I could also replace the letter t with a + sign.

Earlier in this article, I mentioned routers, which are the main vehicle used by cybercriminals. Here’s a simple tip: when you buy a router, ask the salesperson whether the device uses the anti-bot technology called CAPTCHA. What I mean is the distorted characters you have to input to prove that you’re not a machine. Here’s what I’m talking about:

CAPTCHA

My current router is equipped with this technology. One day, I noticed that there were some 15 users connected to my network even though I didn’t have that many computers, music players and game consoles in the house.

In a strange coincidence, my sons had downloaded a "free" game from a company that had no street address.*** As I was saying earlier, parasites sometimes get inside walls without our being aware of them.

The "bot" downloaded in this way had probably managed to connect as an administrator on my router. From inside the computer, a malware program will always find even the best passwords within months, unless it also has to break through other security mechanisms, such as having to enter one of those almost illegible words. If the correct word is not entered, the system will come up with a new one. CAPTCHA is an extremely difficult barrier for a bot program to get past.

This is the end of my misadventures (I hope).

Web mail

I love Web mail. It allows me to access my email messages from any location in the world. However, hackers could try to connect to my email account and I wouldn’t find out about it, which is not true when someone tries to access my network at home.

Even if hackers used no more than two words at a time several times a day, with a little patience they could end up "guessing" my password.

Obviously, the advice given above applies to any place containing a contact list. Hackers are really interested in your contact list. They might use it to tell your friends that you are in trouble in a foreign country and need an urgent wire transfer of funds that you will pay back when you get home.

Data in your computer

In a previous article,**** I suggested that people with important documents should put them in a cloud.

Fire and water damage never give any forewarning before they occur. In some cases, you want to protect important files. In other cases, you don’t want the content of your files to be seen by anyone for fear that there could be a theft committed against those who are hosting you in their cloud. Your children’s photos, your love letters, scanned copies of your invoices and your insurance policies, etc. could be at risk.

Therefore, in this instance, I would recommend a virtual safe. I use an excellent one that was recommended to me by a colleague who is a security expert. TrueCrypt is considered good enough for military organizations, among others.

This software creates a large file that you then use like a disk after you enter your long, easy-to-remember password. If you are not really comfortable with the instructions, have the application installed by a computer specialist, but only once you are comfortable with your long, easy-to-remember password. Above all, you don’t want him or her to find out what your password is. You can then copy the file onto the cloud provided free of charge by Microsoft, Google or other companies.

Telephones

Our phones are no longer just telephones, but virtually open books about our lives. If an intelligent thief finds my phone when it’s not adequately protected, he’ll only return it to me once he’s finished carefully copying all its contents, something that takes two minutes to do.

In addition to getting hold of my colleagues’ contact information, he’ll know more about my personal life than my colleagues and my friends do.

I shudder to think what would happen if I were blackmailed with threats to publicly disclose my personal information, including where I’ve buried my treasure chest.

To avoid such grief and fraud, I’ve installed an antivirus, activated the data encryption function and, obviously, created passwords that are easy to remember but hard to guess.

There you have it. These are just a few tips that will make your life easier and cybercriminals’ lives more complicated.

Remarks

  • Back to remark 1* WEP was the default protocol in 2010. It is now outdated.
  • Back to remark 2** This is comparable to leaving your house key in your mailbox. Savvy burglars realize that they first have to look under the doormat, in the mailbox and in the flower pot before breaking in.
  • Back to remark 3*** It is indeed true that security is not foolproof. A good hacker will always find a way to connect without logging in.
  • Back to remark 4**** See “Favourite ArticlesCloud computing,Language Update, Vol. 7, No. 3 (September 2010), p. 26.