Several people have told me over time that it is very good to advise or say in a video what companies should do to be safe, but because I never say what I do about it.
So in this post I will tell you how I protect my personal information and that of my clients, I know this leads to a risk since it is to give valuable information to the one who wants to apply me an ATP, but in the end the one who wants to do it. figure out what use you're going to make of it so why not count it.
I am one of those who believe that you preach by example so for those who have told me that it is very good to advise but also tell them how I do it, let's go for it.
I will divide the protection into three different categories:.
- Online security; Here are grouped the security measures I take to protect my online accounts from all services.
- Security in files; In this section we will see the main measures I take to ensure the security of the files.
- Device security; Finally, we will see what measures I apply to keep my devices safe.
Online security; Measurements on all online service accounts
Most of the services we use and the information we currently store is in services at line.
The measures that I usually apply in this type of services are basic and that we should all do it and are the following following:
- 2FA; The double authentication factor is basic in all accounts, if the service always allows it. I have it activated, in this case I try to avoid verification by SMS.
- VPN; Whenever I connect to a network outside the office or my home, I set up a VPN for make sure that access to my services is protected.
- FIDO U2F; In all services that support FIDO try to use it, or Windows Hello if supported by the service.
- Never remember passwords; Never tick the box to keep logged in and I also don't have enabled the option to remember password in the browser.
As far as online services are concerned, these are the basic measures that I take as standard and that should always be followed. as long as the service allows it.
File security; How do I protect stored information?
All information is stored in OneDrive for Business or Azure Storage and is protected by the data loss prevention policies of Microsoft 365 DLP and Azure RMS , additionally I take some extra measures and are as follows:
- Encryption; All information is encrypted by Azure RMS with AES 256 algorithm.
- Sending files; In the case of files that are sent to external are always encrypted with exclusive permissions for the recipient, in the case of PDF or Office files are also protected by Azure Document Tracking.
- Never send copies; This is important, I always share a link with the minimum required permissions by the recipient and never send copies as attachments.
These are the basic measures I apply to file management to ensure that the information is safe.
Device safety; How do I protect my devices?
Currently I use the Microsoft Intune service to ensure that my devices comply with my own policies, among the most remarkable adjustments are the following:
- Encryption; All devices are encrypted using BitLocker, as well as all units, not only the of the operating system.
- Blocking USB ports to other people's drives; All my devices are locked against writing. USB ports for removable drives that are not encrypted by my organization.
- Azure AD; All my devices are attached to my own Azure AD organization, thus monitoring login attempts, correct logins, among other things.
- Original software; All installed software is original and from reliable manufacturers, which decreases the risk of vulnerabilities as it is kept up to date.
In general I try to follow the standard that dictates the ISO 27001 for the handling of information, regardless of whether this information is a selfi or is a backup of a database, always try to follow the best practices.
I hope this will help you plan to add more security to the information of your business, and I hope also to the that I have been told how I protect my information and that I should say how I do it before advising someone else. the basic measures I take for the security of my data.
We read soon in another post, greetings.