Print this page


The Online World: You and Your “Security”

Whether you are an individual and are looking for ways to protect yourself online or whether you represent a company and are looking for security for your building automation system, you should establish a consistent approach to online protection. 

First and foremost, if you want to make any effort at all with regard to having any online interactions, you need to create a different, strong password for every site that requires one for access (starting with the password to access your own computer). Do not keep these passwords in a file on your computer (the bad guys always look for passwords if they do gain access to your computer). Consider using a journal or some such that you keep with you at all times in a secured space or that you lock in a secured space.

Now let’s discuss simple website security. You notice, for example, that the OPIX website is protected as a certified Secure Socket Layer (SSL) site. That is why you see the “https” in the URL like this:


This assures you that OPIX encrypts the transmission of data between you and its website. That is the very least of the security measures of which everyone should be aware.

Next, if you are making purchases online, you should be sure that the website from which you intend to purchase states that it is PCI-Compliant. That means that the site complies with the standards required by banks to secure the purchasing process.

For more advanced users of online services, one should consider the location of the companies with which they interact and ask questions about the locations of the servers on which their data is stored.  Even within North America, the US follows a completely different Data Protection Standard than that of Canada (which follows far stricter European Union standards than the US). It may be important to understand those differences when it comes to online interactions with Facebook, for example.

If you are interested in security with regard to your building’s automation system, a whole other approach is necessary. The state-of-the-art available today is FIPS-grade AES 256 device-to-device encryption. At the very least, however, you should use controllers and front-end systems that are certificated by the Government Services Agency (GSA) as “hardened” systems and acceptable by the US Government.

By keeping a consistent approach to securing your online environment, you are much better able than over 90% of other online users to keep yourself protected even when under attack.