Personal data security 101

Cyber theft is everywhere. People all over the world are continuously looking to make money from data theft or blackmailing. There is no such thing as a completely secure environment – with enough money and resources any technology is hackable. As a security measure, countries such as Russia have established regulations which state that data must be kept locally inside their own country. However, this still does not protect data from outside threats. About 10 years ago, “secure” passwords could take years to crack…today it can take just minutes.

This is the new reality of the world we live in. However, the good news is that there are solutions available to protect personal data. This article will explain the lengths we, at Geotab, go to in order to in order to improve your data is security, and provide some pointers and recommendations on how to keep your personal information and data safe online.

Why Me?

There are any number of reasons why hackers would target you or your accounts, but it’s mostly based around the hackers making a quick buck. Judging from the fact that almost half of all U.S. adults have been hacked in the past year, it is safe to say that your private information is worth money to someone. Hackers will generally pursue the easier targets or high-value targets to make it worth the risks. The harder you make it for them, the less likely they will try and steal your data.

But I have a strong password.

While you may think you are secure by having an exclamation mark, a hash mark, and some mix of upper and lower cases in your password, the stark reality is that with all the computing power available today, what once took years or decades to crack, now takes very little time at all.

Hackers wanting access to your accounts will first find out more about you to help pick up trends, interests and ideas around your passwords. Be careful what you share on social media sites and profiles that can be accessed by others.

While there are different opinions as to what constitutes a strong password, passwords that don’t follow a pattern and are not related to you in any way are generally more secure. Even 4 or 5 random words (like treeverbframeblue) that have no association with you or with each other, will be much more secure than SpoTtHeD0G!@#@!.

It is also very important that you do not reuse your passwords. The average internet user has 26 online accounts, but uses only 5 different passwords. This common practice is putting your personal data at risk in a number of ways. While your banking site may be very secure, your profile on your online gaming system might not be. If a hacker gains access to that, they will reuse that password on your other sites. A good idea is to have one for your banking, one for your work, one for your social site(s) and random ones for other, obscure sites – just make sure they are all different from each other.

Two-Factor Authentication can help make a site more secure by requiring an additional layer of security before you can gain access. This extra confirmation is in addition to your password and can be in the form of a special app on your smartphone, a USB key inserted into your computer, or even a separate text message sent to your phone.

This software looks completely legit, I am going to download it!

Due to the increasingly complex methods being used by hackers today, It would be impossible to list all the possible tips on how to spot good vs bad emails, software, or sites out there. Hackers are constantly getting better at fooling people into thinking that the link in the email is valid and important, or that the software that secretly contains a keylogger, is critical to fix your “corrupt system”.

An easy way to improve your security online is to not trust anything that is sent to you unless you are 100% certain about the validity of the link or file (such as when a colleague gives you the heads up about a work document they will be sending you, or your banker called you to let you know that there is an online application you need to complete). Unless you completely trust the source of the link or software sent to you do NOT click on the link or install the software. Instead, contact your system administrator or trusted IT friend and ask them to verify it.

Even though some software applications or sites appear to be completely legitimate, they could very well be set up to lure you into adding in your personal information, such as your login credentials, or it may secretly install a piece of software that records every single keystroke you make.

OK, so how about MyGeotab?

Security is one of the top priorities at Geotab. Every single process we have undergoes a security review to ensure we are doing the best possible job in keeping everything safe and secure.

The Geotab People

We start off with doing complete, formal and government-approved background checks on all our staff and sub-contractors. We take numerous precautions to establish that anyone who may have access to some of our data would have no known reason to pass that data along. We also put all staff through regular security-awareness training, to ensure they know what their legal obligations are, where a potential risk might exist, and to pick up on suspicious activities of others. Geotab’s staff all remain committed to affirming that all customer and Geotab data is kept safe and secure.

Geotab’s technical staff are very well trained in best practices around security and all code or process changes are peer-reviewed to ensure no possible threats are inadvertently exposed. Our adopted processes prevent weaknesses such as SQL injection attacks and other such threats from showing up.

The Geotab Network

As part of our ongoing efforts to maintain a secure environment, we have adopted a policy of least privilege for all our staff. All access requests to specific resources are only approved based on the role of the individual, is completely logged and limited in time. All security and other logs are archived daily and stored in a separate location, for at least two years.

Our servers are separated from our general network and are housed within secure datacenters (with redundant power and network backups). No one outside of Geotab has access to any of the servers and the data contained within.

All relevant data is backed up and stored securely in an offsite location, and is only accessible to approved IT operations staff via our internal network.

No data is allowed to be copied, transferred or moved from the secure server network without prior authorization.

MyGeotab

While Geotab follows best practices to protect your data from the back-end, you as a user would need to do your part to protect your data from the front-end. Please consider only assigning specific privileges and rights to users who need it, and ensure that all users are fully aware of the consequences of sharing usernames and passwords with others.

When you sign into MyGeotab, all information is transmitted back and forth between Geotab and your browser over an SSL link (fully encrypted and very secure). Your passwords are one-way encrypted (salted hash) before getting stored within our systems, which means that they cannot ever be read, decrypted or recovered by anyone.

Another security feature we have in MyGeotab is that anyone (even Geotab employees) logging into and accessing any part of your MyGeotab system is logged permanently and cannot be changed or removed. That way you will have complete transparency as to who did what on the system and when.

While its possible and likely that your MyGeotab data is stored on a server that contains other customer data (multi-tenant), Geotab adopts an isolated multi-tenant approach so that your data is completely isolated from other customers and can never be merged or cross accessed.

Furthermore, to add an additional layer of security, Geotab has elected to regularly run our MyGeotab & other servers instances through online PCI-based (banking & financial standard) vulnerability checks. This scan is done before we publish a new build and will identify any potential holes that may exist, so that we can fix them before they go live.

Our Datacenters

Geotab has partnered with datacenters. IAAS (Infrastructure-As-A-Service) providers such as Q9 Networks and Microsoft’s Azure platform adopt industry-standard security processes such as SSAE-16 TYPE II and SAS-70 TYPE II standards. These services help improve the security of Geotab’s physical servers and helps keep our virtual machines in more secure, redundant environments. Under no circumstances would anyone other than Geotab approved staff have access into our servers or virtual machines.

All devices that are no longer required are disposed of using industry-standard best practices. All hard drives are properly destroyed to ensure that data cannot be recovered.

Our Devices

The Geotab GO devices are designed to record position, vehicle state, driver identification, and auxiliary data in a raw format. The device does not store personal driver information. This raw data is transmitted over a secure channel, such as a cellular network, to Geotab’s gateway servers, which hold the raw data until its delivered to the MyGeotab system. Only there is the raw data linked to specific data that you define, such as driver names or vehicle registration numbers.

Conclusion

There are a lot of TLA’s (three-letter acronyms), buzzwords, scary phrases and other complicated jargon regarding data security that may seem confusing and overwhelming to those without technical knowledge in this area. But by following the guidelines mentioned in this article, you will be able to better protect yourself, and rest assured that your MyGeotab data is safe, secure and tucked away.

For your convenience, below outlines a short list of security tips for you to consider and refer to:

• Do not share any of your passwords with friends, family, or colleagues
• Keep different, unique passwords for different sites or services
• Only log onto your applications or online sites with your own credentials
• Change your passwords if you ever suspend that it may be compromised
• Don’t leave personal information out there for others to use against you
• Do not trust anyone online
• Do not leave USB sticks or portable hard drives lying around

For any information relating to this article, or any questions you may have relating to security, please email security@geotab.com.

For more information and to see Geotab’s official Security policy document, please click