HKCert
Security Guideline

Data Protection Guideline

Release Date: 23 / 09 / 2008
Last Update: 31 / 03 / 2014

 

The recent incidents of personal information leakage have attracted much public attention. Have you been worrying about your own data privacy? Do you know what risks are associated with storing data on the computer? What measures are available to mitigate these risks? This guideline is divided into four sections:

  1. What kinds of risks are associated with data
  2. How to manage data protection effectively
  3. Measures to protect data
  4. How to manage data protection effectively

 

What kinds of risks are associated with data

There are three kinds of data risks: data loss, data corruption and data leakage. The threats to data come from the followings:

  1. Natural Disaster
    • Fire
    • Flood
    • Earthquake
  2.  

  3. System Flaw
    • Hardware Failure
    • System Crash
  4.  

  5. Human Error
    • Accidental Deletion/ Modification
    • Data Leakage by Loss of Mobile Devices, Storage Media or Backup Tapes
    • Improper Hard Disk Disposal
    • Improper Data Uploading to Server or Cloud Systems
  6.  

  7. Internal Disgruntled Staff Attack
    • Theft by Staff
    • Intentional Deletion or Alteration
  8.  

  9. External Attack
    • Theft
    • Theft of Mobile Storage Devices or Mobile Devices/li>
    • Cloud Storage Service being Hacked
    • Hacker/ Malware causing Theft or Corruption of Data
    • Data becoming Encrypted and Inaccessible after Ransom-ware Infection

 

How to manage data protection effectively

The amount of data that an average person came across daily is enormous. It is infeasible to protect all the data we are aware of. So we have to know what data are important to us and focus our resources to protect them. We have to establish clear management policy and adopt effective procedure and tools to implement the policy.

 

  • Firstly, we have to conduct data classification. Data of different criticality level requires different treatment in protection.
  • After classification, we can set priorities of protection according to the policy, and apply proper access control to sensitive data via management and technological means.
  • We should require staff to report to management on any data security issues like data loss, damage or leakage.
  • We should communicate the above messages of the data protection policy to all staff without ambiguity.
  • If the company needs to involve a third party in data processing, e.g. involving a service provider in computer repairs, we should require the third party to comply with the data protection policy of the company.
  • We should implement the following data protection measures and use the following tools to enhance the efficiency.

 

Measures to protect data

  1. Segregation of data storage
    Segregation (or separation) of data storage is a simple but important first step. Firstly, we can separate the operating systems from the data to make repairing of the system easier. For example, if the system fails or is compromised by hackers and malicious software, we can reinstall the operation system without affecting the data storage area. Secondly, we can separate sensitive data from common data to ease the administrator applying access control to minimize the risk for data leakage.
    • Storing in different servers (more secure) – applicable to business environment. For example, data of personnel department and financial department should not be stored together with data accessible by normal staff.
    • Storing in different hard disks – applicable to desktop computers. When the system is damaged or system disk is faulty, the system disk needs to be restored. The data (on a different disk) is not affected. If we take a broken computer to third parties for repair, we can take out the hard disk which stores the important data.
    • Storing in portable hard disks – applicable to notebook computers. When system partition is crashed and is to be restored, data on a separated partition is not affected.
  2.  

  3. Backup
    Backup refers to making copies of system, document files or database, so that when data security incident occurs or data is infected with ransomware, the data backup may be used to restore the original and the operation can return to normal.

     

    Backup Management
    1. Backup Frequency - We should schedule regular (for example daily or weekly) backups and store multiple versions.
    2. Backup Process Monitoring – We should always check whether the backup process is completed successfully.
    3. Assurance of the Usability of the Backup – We should do recovery drill test regularly to ensure that the backup data can be recovered correctly. Also, we should label the backup media (backup date and brief content description) clearly and create an index table for backup media.
    4. Storage environment
      - DVDR and CDR should be kept away from direct sunlight, moisture and chemical.
      - Tapes, flash drive and removable hard disks shall be kept in a dry and electrostatically free space.
    5. Storage place - Backup media should be kept in a safe place outside the office. It can only be accessible by authorized people.
    6. Backup protection - The sensitive backup data should be encrypted.
    In recent years, it is becoming popular using cloud storage for data backup. Such service, however, also brings security risks. If you are interested in this service, please refer to our "Cloud Storage Selection and Security" Guideline.

  4. Encryption
    Encryption is a process of scrambling and transforming data using encryption key and some specific algorithms into an unintelligible format that seems to be useless and not readily understandable. To decipher a text, user must use the relevant encryption key to decrypt and reinstate it to the initial text. There are two ways of data leakage. Firstly, data residing on computers, mobile devices, storage media or cloud storage is being copied across. Secondly, data on transport channel (e.g. E-mail or uploading and downloading files in cloud storage) is being intercepted. In both cases, data leakage can be prevented by encryption.

     

    Select an encryption method
    1. Encrypt files stored on local computer
      Use an external encryption program:
      External encryption program requires users to set up a secret key, and use this secret key as the encryption key for the cryptographic algorithms to encrypt the files. When decrypting, the program requires users entering the same secret key.

       

      Use external device as a token with an encryption program:
      External device is used as a token. The computer which has some secure encryption / decryption programs installed will verify that the correct device is plugged during encryption and decryption. Otherwise, the protected files will stay invisible and cannot be opened.
    2.  

    3. Encrypt the files stored in mobile devices
      Use the data encryption feature provided in the phone:
      To use this feature requires setting up a screen-lock password, since the encryption key is generated by the screen-lock password you set, so use a more complex password combination.
    4.  

    5. Encrypt files on transit
      When transferring an encrypted file, the sender needs to inform the receiver the encryption key (the secret key) so that the receiver can use the key to decrypt the file. However, exchange the encryption key on the Internet is not safe. Therefore, people develop the following two methods for key exchange.

       

      For secret key encryption, use an alternate channel to exchange the secret key:
      In symmetric key encryption (where the same encryption key is used for encryption and decryption), the sender should send the encryption key to the receiver via a different channel from the file transfer (e.g. SMS, telephone) to avoid people intercepting the encrypted file and the key in the same channel and crack the encrypted file.

       

      For public key encryption, use a pair of mathematically related, but different keys (a private key and a public key):
      This is the encryption method provided by Public Key Infrastructure (PKI). The sender can encrypt the message with receiver's public key. When the receiver receives the encrypted message, he uses his own private key to decrypt the message. Different people can use the same public key of the receiver to send files to him. It can solve the problem of memorizing a large amount of keys.

    Note: Some people use the encryption facility of Microsoft Office to encrypt office documents. We would warn that such weak encryption can be easily broken, and hence it is not recommended for the protection of sensitive information.

     

    Select secure encryption algorithms

    1. We should choose the standard algorithms like AES or Blowfish and use a key size of 256 bits or more, because some older encryption algorithms (e.g. DES/3DES) have been broken or not strong enough as of today while other non-standard and non-proven encryption algorithms have no assurance.
    All encryption programs or methods are using the password to get the secret key. If the password is too weak, it will render the sophisticated encryption program or algorithm useless, so we should use the password which is difficult to be broken.
  5.  

  6. Data recovery
    Data recovery is using some tools to recover deleted or corrupted data. When system deletes a file, it just removes the index of the file in File Allocation Table (FAT) but leaves the data on the hard disk intact. Therefore, you can use some tools to recover the data which is deleted by accident. In the normal circumstances, data loss due to software or hardware failures can be recovered with a probability of about 85 percent. But we would remind you that if you encounter data loss, you should stop all operations immediately and do not restart the computer. Otherwise, the success rate of data recovery will decrease.
  7.  

  8. Permanent Deletion of Data
    1. Hard Disk
      If we want to remove the data totally, we should overwrite all the sectors holding the old data. Standard data deletion method and program should meet the U.S. Department of Defense Data Eraser Standard 5220.22-M which requires using different combinations of bit patterns to overwrite the sectors on the partition to ensure that the data cannot be recovered.
    2.  

    3. Mobile Device
      Activate the encryption and remote device wiping functions, and use a screen-lock password to prevent unauthorized login when the phone is lost. We should immediately use the remote device wiping function to clear all the data on the phone if it is stolen.

       

      When changing or disposing a phone, we should use factory reset and delete all the data inside the memory. Remember to check if the external memory card has been collected before disposal.
    4.  

Useful Tools Table

 

  WindowsLinuxMac
BackupServer side
Client side
  • NTBackup.exe (built-in)
  • Areca
Synchonization
Cloud BackupFree services (with Version Control feature)

Paid services (with Version Control feature)

Cloud Encryption Service
Encryption
Recover
Data Eraser
(DOD 5220.22-M compliant)
  • Finder has built in feature to securely erase data on Mac (Link)