Appendix E: Security of Topicscape documents and data
Most of the suggestions here depend on the following:
- that you are using Windows 8, 7, Vista, XP Pro or 2000,
- that you have your own administrator account on the computer you're using,
- that you use "simple file sharing" (Windows Explorer | Tools | Folder Options... | View | Advanced settings | click in "Use simple file sharing (Recommended)"). This is Windows' default out-of-the-box setting.
- that you protect your account with a good password, and share it with no one. A good password is one like "sQuibBbly25^~" that does not use a dictionary word or name, includes a mixture of upper and lower case letters, and includes some numbers and special characters too.
If you are the sole user with administrator rights on that computer, that would give you more options, but is not essential.
These are our thoughts:
1. Install Topicscape with the option that places the "My Topicscapes" folder in your own account. Then right-click on your My Topicscapes folder and select 'Properties', then the 'Sharing' tab, click in the 'Make this folder private' box and press 'OK'. This will make all your Topicscapes in that folder inaccessible to other users. A folder can only be made private if it is under your account's folder. For example, if your account is John, the folder to be made private would have to be one under C:\Documents and Settings\John\.
If you want to go further, again on your "My Topicscapes" folder select 'Properties', then 'Advanced' and finally 'Encrypt contents to secure data'. This changes your data so that only you when using your own account, or someone else logged into that account with your password, will be able to read it. You can encrypt a folder outside your account's folder and it will still be protected.
This secures everything that you put into Topicscape if you use the Move or Copy options (but not Link). There are two disadvantages:
- It will slow operations down a little because Windows has to decrypt anything in that folder that you want to gain access to and encrypt it again if you change it and save.
- If you are working in a workgroup environment and forget your password, or someone with access to another administrator account on that PC resets your password, you will have lost all encrypted data.
Win XP encryption is serious protection, and at the time of writing we know of no practical way to recover the unencrypted data without logging in (with the password) as the user who encrypted the files, though users of domain accounts may have the option to use a designated Recovery Agent. Microsoft's web site gives information about this.
If you take this approach, remember not to walk away from your computer and leave your session logged in. If you leave your account open and running, anyone will be able to use your account and have all of your rights. At least set up a screensaver to enforce logging in again after it times out (Control Panel | Display | Screen Saver tab | select Blank, say | set 'Wait' to 2 minutes, say | check 'On resume, display Welcome screen').
Generally it is good security practice to set up another (limited) account to use just for work on secure documents including sensitive Topicscapes. Make sure that the Topicscapes and the files that the Topicscapes use as occurrences are in the "My Topicscapes" folder of that account, and that you take the above steps for that account. You could even hide this special account from the Welcome screen so casual users of the computer will not know that it exists. That won't stop a serious hacker, but it helps against a casual snooper. Find out how to do that here:
2. If you want to protect some Topicscapes and not others, just make the individual folders of those Topicscapes protected. These will usually be in My Topicscapes unless you have moved them. But note that other users will be able to deduce the existence of the Topicscapes, even though they cannot open them. Again, the folder has to be in your account's folder under Documents and Settings.
3. If you want to protect specific occurrences only, you can make a new folder in My Documents (or Documents), set it to be private and encrypted as above, and move all the files to be protected to it before dragging them into Topicscape. Then choose 'Link' when Topicscape presents the Move/Copy/Link choice.
4. Finally, if you have just a few items to protect, like a passwords file or investment and banking records, you can use the latest version of Winzip to zip them up and select 256-bit AES encryption. Then make the zip file into an occurrence in Topicscape. This has the minor inconvenience of needing the file to be unzipped when you want to use it, but it is perhaps the simplest option for a few items. It has the advantage that it will ask you for the password to open the zip file each time you use it. So even if you leave your computer logged in and walk away, provided you have not left the zip file itself or its contents open, someone prying into your computer would not have access to the sensitive material. You would not want to use older versions of Winzip, as the encryption was cracked long ago and the Winzip version that first offered this encryption standard (9.0) was found to have a security flaw, so you should get the very latest. AES is a very strong standard. As always, use strong passwords.
If you are only concerned about the content of occurrence files, you can protect the files using options 3 or 4. But sometimes even the presence of certain topics may be something you don't want others to know about, or the descriptions and other details that you add using the details panel may be confidential. Then you should use options 1 or 2, and others won't be able to open the Topicscape at all.
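A way to check that options 1 to 3 actually took effect, as an added example that is not part of the original appendix or of Topicscape: this PowerShell script lists files under a folder that lack the EFS Encrypted attribute and any accounts other than you and SYSTEM that are allowed access. The script name, function names and the `-Folder` value are assumptions; supply the path of your own My Topicscapes folder, or of the private folder from option 3 that holds linked files.

```powershell
# Added example (not from Topicscape): audit the protections from options 1-3.
# Usage: .\Test-TopicscapeFolder.ps1 -Folder 'C:\path\to\My Topicscapes'
# The script name and function names are illustrative assumptions.
param([Parameter(Mandatory = $true)][string]$Folder)

function Get-UnencryptedFile {
    param([string]$Path)
    # EFS marks every encrypted file with the Encrypted attribute.
    Get-ChildItem -LiteralPath $Path -Recurse -Force |
        Where-Object { -not $_.PSIsContainer -and
                       -not ($_.Attributes -band [IO.FileAttributes]::Encrypted) }
}

function Get-ForeignAccess {
    param([string]$Path)
    # Compare by SID so the check also works on non-English Windows.
    $allowed = @(
        [Security.Principal.WindowsIdentity]::GetCurrent().User.Value,
        'S-1-5-18'   # well-known SID of the local SYSTEM account
    )
    $acl = Get-Acl -Path $Path
    $acl.GetAccessRules($true, $true, [Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       $allowed -notcontains $_.IdentityReference.Value }
}

$root = Get-Item -LiteralPath $Folder -Force
if (-not ($root.Attributes -band [IO.FileAttributes]::Encrypted)) {
    Write-Warning "Folder itself is not marked encrypted; new files will be stored in the clear."
}

$plain = @(Get-UnencryptedFile -Path $Folder)
$plain | ForEach-Object { Write-Warning "Not encrypted: $($_.FullName)" }

$others = @(Get-ForeignAccess -Path $Folder)
foreach ($rule in $others) {
    $sid = $rule.IdentityReference
    # Show a readable account name where the SID can be resolved.
    try { $name = $sid.Translate([Security.Principal.NTAccount]).Value } catch { $name = $sid.Value }
    Write-Warning "Access allowed for: $name ($($rule.FileSystemRights))"
}

"{0} unencrypted file(s), {1} other account(s) with access" -f $plain.Count, $others.Count
```

A result of zero for both counts matches a folder that is private and fully encrypted; files added with Link live elsewhere, so run the script against their folder as well.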
Finally (and this is not a recommendation, just a lead), one option that we have not tested: USB memory sticks are available with a built-in fingerprint reader. Please read the manufacturer's detailed product description and independent reviews.