How to protect against data theft while connected to the internet?

Posted on 2011-04-26
Last Modified: 2012-05-11

We have one PC with sensitive data files. Only one administrator is using this PC. The PC is not connected to an internal network. However, it is connected to the internet for web browsing and email access. The question is how we can prevent outside hackers from getting access to the PC and stealing the sensitive data files.

We use the Avira Premium Security Suite for antivirus, malware and firewall. But I don't know if this gives me a high security standard.

What else can be done to have a professional, highly secure environment?

Question by:SergeG
    LVL 27

    Accepted Solution

    With any given antivirus / antimalware software, about 40% of malware is blocked. For details check

    Requirement 5 (Use and regularly update anti-virus software) can be directly mapped to the high frequency of malware used to
    compromise systems and data. Sure, over 60% of malware is customized and not likely to be detected by AV, but that means
    about 40% stands a decent chance of being recognized. Who doesn’t want a 40% reduction in risk?

    Whenever possible, I would not allow direct Internet access from that computer.
    Additionally, an administrator should not work with administrator permissions on a computer with sensitive information.

    Also, you should upgrade to Windows 7 for additional security, especially when still running Windows XP.
    With Windows 7, enable UAC and set it to maximum.
    If possible, store the sensitive information in a secured container using a tool like TrueCrypt and open that container only when needed.

    LVL 3

    Expert Comment

    Well, basically you obviously want to watch what sites you go to and what you download. But sometimes we let our guard down, so you want to take preventative measures. Kaspersky anti-virus is what we use for our clients and we have never had a problem. Also, you want passwords for users and such to have a high complexity, i.e. using numbers, special characters, and both lowercase and uppercase letters, as well as being longer in length. Requiring the password to be changed every so often helps as well. We also highly recommend getting a high-end firewall so you can monitor the incoming traffic and block various IP addresses and such.

    Expert Comment

    To answer this properly I'd want to know (in general terms) what sort of files these were / how they were used. If this is used as a standalone machine, it probably implies that the logged-on user is the only one who ever creates / edits / views / uses these files - if not, who does? I agree that any web browsing / email activity carries some risk (do all the firewall / anti-virus / malware stuff but don't assume it is 100%); I'd want to add a layer of protection to the files themselves. For example, Word / Excel files can be password protected / encrypted (using the strongest encryption available and yes, educate users to use really strong passwords), so even if the machine is compromised and the files are stolen, the data they contain is still secure - and do make sure you have a strong backup strategy as well. The TrueCrypt suggestion is also good. Maybe also see if you can arrange multiple user accounts - so user A can browse the web / use email etc. (but is prevented from accessing the files by file permissions / ACL) and vice versa for user B. Neither should have administrative permissions for the machine. And yes, do use Windows 7 or Server 2008 for the extra UAC protection.
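
The settings recommended in the answers above (a working account outside the Administrators group, UAC at its maximum, file permissions that keep other accounts away from the data) can be checked with a read-only audit script. This is an added example, not part of the original thread; the folder `C:\Sensitive` is a placeholder assumption.

```powershell
# Added example: read-only audit of the settings recommended in this thread.
# C:\Sensitive is a placeholder (assumption); pass the real folder as -SensitivePath.
param([string]$SensitivePath = 'C:\Sensitive')

$findings = @()

# 1. The working account should not be in the local Administrators group.
#    whoami lists the group even when UAC has filtered it to "deny only",
#    so this works from a non-elevated prompt. The SID is locale-independent.
if (whoami /groups /fo csv | Select-String -SimpleMatch '"S-1-5-32-544"') {
    $findings += "Account '$env:USERNAME' is a member of the Administrators group."
}

# 2. UAC must be enabled and at the top slider position ("Always notify").
$uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
if ($uac.EnableLUA -ne 1) {
    $findings += 'UAC is disabled (EnableLUA is not 1).'
} elseif ($uac.ConsentPromptBehaviorAdmin -ne 2 -or $uac.PromptOnSecureDesktop -ne 1) {
    $findings += 'UAC is enabled but not set to "Always notify".'
}

# 3. The data folder should not be reachable through broad built-in groups,
#    otherwise the browsing account can read the files as well.
$broad = @{ 'S-1-1-0' = 'Everyone'; 'S-1-5-11' = 'Authenticated Users'; 'S-1-5-32-545' = 'Users' }
if (Test-Path -Path $SensitivePath) {
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Explicit and inherited rules, with identities returned as SIDs.
    $rules = (Get-Acl -Path $SensitivePath).GetAccessRules($true, $true, $sidType)
    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Allow' -and $broad.ContainsKey($sid)) {
            $findings += "'$($broad[$sid])' is allowed $($rule.FileSystemRights) on $SensitivePath."
        }
    }
} else {
    $findings += "Folder $SensitivePath not found; ACL check skipped."
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

Run it from the account used for browsing and email; any line it prints is a setting that differs from the advice in the thread.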

    Author Comment

    Thank you all for the answers. I plan to go with the following configuration:

    1. Windows 7 (always updated)
    2. Avira Premium Security Suite (always updated)
    3. Besides the administrator account, create a user account with UAC set to its maximum.
    4. Use TrueCrypt to store the sensitive data and open it only when needed.

    Here are some more questions:

    q1. How important is it to set up a user account besides the administrator account?

    q2. Is it helpful to scan the computer e.g. once a day with several antivirus and anti-malware programs besides the Avira software? Will this increase the 40% mentioned by Tolomir?

    q3. What about a high-end firewall as ngcmos suggests? Is this a hardware firewall? Is this much better than the Avira firewall or the Windows firewall?

    q4. I would like to use TrueCrypt to store the sensitive data only. This would be the most convenient for me. Or would it be better to use Windows BitLocker to encrypt all drives of the computer?

    q5. What settings should I use as adapter settings of my Ethernet adapter (Local Area Connection Properties)? What protocols should I disable? How should I set up TCP/IP to be on the secure side?

    Thank you very much for your help!

    LVL 27

    Expert Comment

    q1, very important; a user account has no permissions to install services.
    q2, use a 2nd tool like with realtime scan to get a second opinion. You will not want the user to scan a system manually daily...
    q3, high end is always hardware, so it cannot be compromised by a user or application.
    q4, TrueCrypt should be sufficient. Keep in mind that when TrueCrypt has opened a container and it is mounted as a volume, everyone with access to the computer has access to the data. Usually no issue with just one user working on that workstation, just as a heads-up.
    q5, don't change it; there is no security issue involved, at least with Windows 7.

    Author Comment

    Thank you very much for the detailed answer.

    Regarding q3: How important is a hardware firewall? Any special guidelines to set it up?

    Thank you very much!

    Author Comment

    Sorry, one more question:

    If I should use a hardware firewall, can you recommend any manufacturer or product?

    Thanks a lot!
    LVL 38

    Expert Comment

    This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
