With all the recent ransomware events in the news, it's clear that we need to protect our servers and apps from eyes and ears that aren't our own. To that end, let's review some of the ways bad actors gain access to our FileMaker data. We'll also highlight the FileMaker cyber security features that Claris provides to help us defend ourselves against attacks.
Before we get started, let's explain what ransomware is. A ransomware attack occurs when a hacker hijacks a data source and then requires payment before they'll release it. In the age of cryptocurrency, this type of cyber threat is easily facilitated because cryptocurrency exchange is inherently anonymous and virtually impregnable. Unfortunately, the Colonial Pipeline outcome is an exception, not the rule. Therefore, a ransomware attack is unlikely to end with little or no financial consequence.
To that end, we, as keepers of personal and sensitive data, need to do our best to protect it. There are some very sophisticated techniques out there to secure our databases. Claris recognizes this and offers several defense features for non-technical and highly technical users alike.
Claris gives us a default Secure Sockets Layer (SSL) certificate when installing an on-premise version of FileMaker Server. SSL is an Internet security protocol that creates a safe connection between a web server and a web browser. But please don't use it for anything other than initial testing. This default certificate is the same one that has been installed on every FileMaker Server since 2012. So it's widely available to anyone who has installed FileMaker in the last decade. Unfortunately, several FileMaker technologies, like the Admin API and the Data API, don't work with Claris's default certificate installed.
Just as we safeguard the data that flies through the network, we need to protect the data that sits on our hard drives or our thumb drives from unapproved eyeballs. We refer to this type of protection as at-rest encryption, and it is critical when we move our apps to the cloud. Claris requires it when we share our files on their services. We can easily encrypt our apps using FileMaker's Developer Utilities, a menu option that becomes available when we select advanced tools from the application's Preferences.
Once you've selected a file from the computer via the "Add..." button and renamed it, you can specify "Solution Options" to add the encryption password. Remember that to encrypt a file, you first need to authenticate with a Full Access account.
After you've configured the options, you can hit the "OK" button on both dialog boxes to start the encryption process. Please put this password in a safe place because no one can help you if you lose it, not even Claris. When the encryption process is complete, you'll have two files, an open file and an encrypted one. After you upload the file, there's an option for the server to remember your encryption password, so you don't have to enter it every time you open the file.
One of the most important things we can do to ensure a secure experience with FileMaker is to use strong passwords. We should use unique passwords among our different accounts and change our passwords regularly. Hacked, stolen, or guessed passwords are the primary way the bad guys get into our stuff. Our passwords are the first line of defense, which is why it's so important that we're deliberate about how we manage them. FileMaker helps with this process by offering us feedback when we set up our accounts. FileMaker will rate the strength of our passwords as weak, moderate, or strong, and we should all strive for a strong rating.
We can also enforce specific password lengths and require users to change their passwords regularly. We can find those settings within the "Edit Privilege Set" dialog found in the "Advanced" section of Manage Security in FileMaker.
This article is also published on FileMakerProGurus.com.