As our world increasingly converts every detail of our lives into digital data, we have a valid reason to feel concerned about protecting that data as best we can. Good information security practice begins with yourself, and that’s where you should start. Here we will take a look at six easy ways you can improve your information security. This knowledge may save you from a lot of future problems.
1. Properly Configured Firewall
The firewall for your network is a vital piece of technology, but it’s completely useless if it’s not configured correctly. If you connect to the Internet with a modern router, it will almost certainly have a built-in firewall already installed. You should check to make sure it is correctly configured to control how information flows in and out of your network.
Your personal computer should also have a firewall, though if your router firewall is working properly, you’ll already be at a much lower risk. The latest version of Windows already has a firewall, but it may need some adjustment to be functioning optimally. Linux also includes a built-in firewall. So does Mac OS X, but you will need to activate it manually. Once activated, it will remain that way.
You can test the effectiveness of your firewall by visiting the GRC Shields Up page, which will perform a scan of your system to check for open ports that may leave you vulnerable to an attack. Note that by using this tool you are actually authorizing Gibson Research Corporation to try attacking your computer. This is safe because they have been a trusted presence on the web for decades, but it’s important for you to know so you’re not alarmed by any alerts the test triggers.
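An external scan shows what the outside world can reach; the view from the machine itself shows which services are listening in the first place. The following is an added example, not part of the original article, that parses the output of `ss -tlnH` on Linux and lists the ports bound to a network-facing address. It assumes the iproute2 `ss` tool, and the sample output is constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -tlnH` output (Linux, iproute2); not from a real host.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128        0.0.0.0:22       0.0.0.0:*
LISTEN 0 4096     127.0.0.1:631      0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53       0.0.0.0:*
LISTEN 0 128           [::]:22          [::]:*
LISTEN 0 4096         [::1]:631         [::]:*
LISTEN 0 511              *:8080           *:*
"""


def parse_listeners(ss_output):
    """Return (address, port) for every listening TCP socket in the text."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # Local address is the fourth column, e.g. "[::]:22" or "127.0.0.53%lo:53".
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
        listeners.append((host, int(port)))
    return listeners


def is_loopback_only(host):
    """True when the socket accepts connections from this machine only."""
    if host == "*":
        return False  # wildcard: bound to every interface
    return ipaddress.ip_address(host).is_loopback


def network_reachable_ports(ss_output):
    """Sorted ports bound to a non-loopback address.

    These are the ports a host or router firewall has to filter.
    """
    return sorted({port for host, port in parse_listeners(ss_output)
                   if not is_loopback_only(host)})


if __name__ == "__main__":
    for port in network_reachable_ports(SAMPLE_SS_OUTPUT):
        print(f"port {port} listens on a network-facing address")
```

Any port this reports that you do not recognise is a service to disable or a firewall rule to add before relying on the external scan result.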
2. Anti-virus and Anti-malware Tools
If anything, there is an over-abundance of these products. Some do a better job than others. Windows even comes with anti-virus already built in. Many retail computers have the default Windows anti-virus turned off and the manufacturers install demo versions of other payware anti-virus tools. That’s not cool, because they haven’t asked your permission to do that, but that’s just how they roll.
There’s a long-standing myth that non-Microsoft operating systems are immune to virus attacks, but this is not really true. What is true is that viruses have a more difficult time inflicting harm on these systems because of the way they are structured. The only way that they can really get to work in your system is if they can trick you into authorizing them to have root-level access to the system. Some exceptions are browser-based viruses, and particularly viruses that can execute inside PDF files and Flash files. Even these can normally only compromise your web browser, and that can usually be fixed by uninstalling the browser.
You must have anti-virus software to be safe from known threats. The caveat is that this software is only effective against known threats. Because of that, you should always be alert to virus symptoms that could indicate you’ve been infected by an unknown virus.
Malware is very similar to a virus, with the exception that it’s usually activated consciously by the user instead of activating itself. Malware may even be software with certain desirable traits that make you want to run it, but when it runs it can cause undesirable effects. These could include slowing your system down, turning it into a zombie, serving you unwanted ads, or any number of other bad things you would not want your system to do. There are numerous anti-malware tools available to help combat this threat.
Beware, however, that many tools claiming to be anti-malware software are in fact malware themselves. You should make sure that you carefully check the credentials of any security-related software you use.
3. Encryption Tools
It’s best to use encryption for any kind of sensitive data. For protecting email communications you can use tools like PGP. For live text communications, it’s best to use something like OTR, but this is not available for all chat clients. All Internet communications should be secured by TLS/SSL encryption, no matter how unimportant they may seem.
File security is another matter entirely. For this you’ll need tools like VeraCrypt, TrueCrypt, or BitLocker. The latter doesn’t make it possible to view your files on anything other than a recent version of Windows, while the others will not restrict which operating system you can use.
Using strong passwords with these tools will enable you to store files in encrypted containers, which if done correctly will be unbreakable by any conventional means. If your sensitive data is effectively encrypted then it can’t be stolen. Beware, however, that your information is only encrypted when you don’t have the file container open. If you have it open, it’s just as vulnerable as any other data.
4. Password Management Tools
The underlying problem behind the major security problems of the past was solved by the development of dedicated encrypted password management software. This software enables you to use different passwords for every site you visit, and protect those passwords with a single password you can easily remember.
Of course if you lose that single password, you’ll lose all your other passwords, and that’s not usually what you will want to happen. Because you’ll also face the same problem if something happens to the file, you should also regularly make externally stored backups of the file.
You can also use a password manager to help you generate strong passwords. It’s best to go for the longest and most complex password you can generate.
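To make "longest and most complex" concrete, here is an added example, not part of the original article and not any particular password manager's code, that generates a password from the operating system's secure random source and computes its guessing entropy. The function names and the default length of 24 are assumptions chosen for illustration.

```python
import math
import secrets
import string

# 52 letters + 10 digits + 32 punctuation marks = 94 symbols
ALPHABET = string.ascii_letters + string.digits + string.punctuation
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def generate_password(length=24, alphabet=ALPHABET):
    """Draw every character from the OS CSPRNG via the secrets module.

    Candidates missing a character class present in the alphabet are
    rejected and redrawn, so site "complexity" rules are satisfied.
    The rejection step costs a negligible amount of entropy.
    """
    required = [c for c in CLASSES if set(c) & set(alphabet)]
    if length < len(required):
        raise ValueError("length too short to include every character class")
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(set(candidate) & set(c) for c in required):
            return candidate


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def compare_policies():
    """Length versus complexity, in bits, for three illustrative policies."""
    return {
        "12 chars, 94 symbols": entropy_bits(12, 94),
        "24 chars, 26 lowercase": entropy_bits(24, 26),
        "24 chars, 94 symbols": entropy_bits(24, 94),
    }


if __name__ == "__main__":
    print(generate_password())
    for policy, bits in compare_policies().items():
        print(f"{policy}: {bits:.1f} bits")
```

Entropy grows linearly with length but only logarithmically with the size of the character set, so doubling the length adds more strength than widening the alphabet; using both gives the strongest result.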
5. Appropriate Physical Security Measures
Physical security refers to the security of actual things such as buildings and hardware. It’s important not to neglect physical security when planning for information security. It means installing the best locks, alarm systems, and surveillance systems you can afford. If you’re running a business, it also means implementing a screening and tracking system for visitors of any kind while they’re on site. Compartmentalize what information employees have access to, and do your best to know what they’re doing with it.
If you’re travelling with a laptop, keep it with you as much as you can. If that’s not practical, for example if you’re going for a swim, then secure the laptop by removing the hard drive, battery, and power adapter. Hide these items in a locked case or box (not the room safe, as the hotel staff can access that easily). Why fear the hotel staff? Because it is they who will have been bribed to install spyware on your laptop. They can’t do that if they can’t switch it on and there’s no internal storage to install files on.
In fact, in this scenario the most secure option is to only boot your laptop from a live Linux distro stored on a USB drive. This makes it easy for you to remove your computer’s storage and operating system, and you’ll be able to carry it with you everywhere you go. Nobody can tamper with an operating system if it’s always in your possession.
6. Knowledge of Social Engineering Methods
Although you need to be prepared against random brute-force attacks, this is not the way true professionals are most likely to get access to your data. Those methods are successful enough to yield some valuable returns when used against total rubes, but if you are a higher-profile target (or even if you’re not) you can expect more sophisticated methods to be employed against you.
Hacking into the computer system of a specific target isn’t as easy as you might expect. It requires considerable effort, and somebody wanting to get access to your information won’t want to expend more effort than is necessary. Normally the easiest way to get information about you is to simply ask you or people close to you. Most people are honest enough and polite enough that they’ll answer just about any question if it’s framed properly.
That nice fellow who helped you fix your flat tyre while swapping war stories with you is the same guy who ensured the tyre would go flat. That police officer who has been collecting witness statements from people in the neighbourhood has only ever set foot in a police station as a detainee. The sweet little old lady who enlisted your help to get Tiddles down from the tree is the same one who put him up there. And it’s a pretty good bet that Tiddles doesn’t even belong to her.
This might all sound like stuff from the plot of a movie, but these are actually all real tactics used to get information out of targeted marks. And if it sounds scary and sinister, then consider that there’s an even easier way to get information about you from a source that’s only too happy to provide it. This source is your social media.
LinkedIn tells everything about your current status and background. Facebook reveals all your connections to other people, and loads more information, even down to your exact birth date if you were silly enough to enter it honestly when you first signed up. Twitter will reveal what your interests are, your political affiliations, your religious beliefs, and much more.
You need to lock everything down, and really, if you care about security, you will only use social media as a tool for gathering information about others, never for sharing your own information.
Good Security is a Habit
Being secure doesn’t just mean getting the right tools to protect yourself, but also learning how to use them effectively, and making correct security practice an ingrained habit. It is not really difficult.
Following these practices in a habitual way while using the right tools will provide the best chance of keeping your information safe from theft or misuse.