At a time where state actors have working exploits that target smart TVs and undisclosed zero-day exploits of fully patched PC and smartphone platforms, there is no question that practicing safe computing is more important than ever. While there is no silver bullet for you to protect yourself against constantly evolving security threats, there are some steps you can take to reduce your likelihood of being a victim in this age of insecurity.
Good online habits
For all the sophistication of modern exploits, the traditional warning about how files haring is a hotbed for malware is as valid today as ever. It is a good practice not to download and run software from untrusted online sources or via peer-to-peer networks. Hackers have been known to take legitimate software and infect it with malware before distributing it to the unsuspecting. Some even take the extra step of removing copy protection on licensed software to sweeten the bait.
Another good practice is to avoid logging into online services through public terminals or systems you don’t own, as these could be infected — or knowingly installed — with a keylogging software. The result is the immediate theft of all passwords that are keyed, even when logging in over a “secure” website. If logging in through a third-party device is unavoidable, be sure to log out properly and change your password as soon as possible.
Phishing remains one of the most common strategies hackers use to steal data or plant malware due to how the email protocol was not initially designed to validate senders. While most phishing messages are amateurish and easily identified through their poor grammar, don’t expect this to be the case with more sophisticated attempts.
Regardless of whether the sender of your phishing message is masquerading as a reputable company or a colleague, the bad guys typically have two outcomes in mind: for victims to click on an embedded link or to open a specially crafted attachment. While the latter requires good judgment, one way to effectively protect yourself against the former is to manually key them into the browser instead of clicking on URLs. Unfamiliar domains should be avoided, and shortened URLs can first be reviewed using an online service such as Unshorten.It.
Raising the security bar
An easy way to beat casual hacking attempts is to enable two-factor authentication. It’s relatively straightforward and will stop brute-force attacks in their tracks. Be sure to also establish a secure login method as a backup and, where static codes are used, to keep them at a safe location.
While using text messages is popular, an arguably stronger approach for enabling two-factor authentication is to use a physical dongle such as the YubiKey. Supported by popular services such as Facebook, Dropbox and Google Apps, the YubiKey can also store static passwords that are transmitted through a USB port or NFC. The added convenience is an incentive to use a strong password for crucial applications such as a password manager.
Another way to increase security is to use a VPN service. Because all outgoing data streams are encrypted, VPN services act as a shield against compromised hosts on a local network and other digital reconnaissance attempts. Many routers support VPN by default, though they are usually much trickier to configure than a commercial service such as VyprVPN.
A less obvious, but vital, strategy is to ensure that the designated email accounts used for password reset requests are kept secure. Attackers can break into DNS servers and surreptitiously change MX entries to redirect emails, or leverage social engineering with web hosting providers to hijack entire domains. Once in control of the email account, hackers can initiate a password reset and log into your account, then change the password and shut you out.
In practice, unless you are an expert with a clear idea of how secure you are against hijacking attempts on your email domain name and email account, it may be better to create a special account with a reputable provider such as Google’s Gmail just for password reset requests — with two-factor authentication enabled.
Improving your travel security
Workers who travel extensively are subject to a heightened set of risks. On that front, it may be worthwhile to install a USB port blocker on unused ports of a laptop as an additional barrier against data loss or malware infection. Physical locks for laptops are a must to guard against opportunistic thefts, though a portable lock such as the Kensington Retractable Laptop Lock may be ideal compared to a clunky model that will just get left at home.
One of the biggest threats at hotels and conference venues would be the use of unsecured Wi-Fi hotspots. The unprotected traffic can be easily sniffed for an indication of one’s online activities, and could even reveal the passwords of improperly secured websites. Wireless SSIDs can also be spoofed, allowing for network interception and potential man-in-the-middle attacks. A portable Wi-Fi router with a built-in Ethernet port, such as the D-Link AC750, can alleviate some of the risks.
Of course, a router does nothing to protect against hostile hotel environments that are already compromised by hackers. Travelers concerned about this possibility can look to a device such as the Anonabox Pro privacy router, which offers hardware support for both Tor (The Onion Router) and VPN services to ensure that all communication to your devices is encrypted.
While full-disk encryption will help against industrial espionage and theft, travelers could be subjected to legal intimidation or device confiscation at immigration checkpoints if demands to unlock devices are not met. An alternative strategy would be to put confidential data in an encrypted flash storage drive such as the Kingston DataTraveler, leaving nothing on the laptop. Face and fingerprint scanners should be disabled before passing through immigration, too.
Traveling without data
Considering the lengthy delays that immigration officials could impose on one’s travel plans, the best way to protect your data with the minimum of fuss is simply not to bring it across borders. A Chromebook device such as the sleek HP Chromebook 13 could help on this front, given that all data is stored in the cloud. Just be sure to remove your profile ahead of time, leaving nothing on the device that can be compromised.
If you prefer using a full-fledged laptop you can travel data-free by using a remote access service such as Parallels Access. The software lets you use a web browser (or an iOS or Android device) to access your Windows and Mac computers that are safely parked at home or in your office.
If this sounds like too big a deviation from how you usually work, a final option would be to park your local files in a cloud storage service, delete them from your laptop prior to traveling, and then recover them at your destination. Do remember to clear your cache and history.
Related: How to pick the right cloud storage service http://www.cio.com/article/3138485/cloud-storage/how-to-pick-the-right-cloud-storage-service.html
Security is an evolving field and no strategy or tool is absolute. Indeed, history has proven that even large enterprises are not immune to hacking, while elite security agencies such as the National Security Agency (NSA) are also susceptible to data leaks. Practicing the above tips, though, should ensure that you are unlikely to be the low hanging fruit that hackers pick off.
This story, "How to protect yourself in an age of insecurity" was originally published by CIO.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.