Secure Your Digital Assets from Attack

When maximizing the confidentiality of your personal information, the first thing to do is to ensure that your electronic devices are physically secure and that the information stored on them is encrypted.

Reduce Your Exposure

Even though you may take steps to reduce the risk of theft of your portable computing devices (by not leaving them in the cabin of your car, for example), there is always a chance that they will be stolen. It is important, therefore, to minimize the information you store on laptops, smartphones and tablets. Home PCs, of course, generally hold a great deal of personal information, but they are harder for a thief to take because a home break-in must be committed.

If your PC, smartphone, laptop or tablet is stolen, you can minimize your exposure by using encryption on them. All major operating systems support encryption for local disks as well as for the external USB sticks you use to move data around. With full-disk encryption, even if your device is stolen, the thief will be largely unable to read the encrypted data, provided the device was powered off when it was taken. A device that is merely locked but still running holds the decryption key in memory, and that key can be extracted through attacks on RAM (cold boot) or on DMA-capable ports (Thunderbolt, FireWire, PCIe), so powering off, or hibernating (which drops the key from RAM), is the safe state.

The barrier created by encryption depends not only on the algorithm but on the passphrase you choose. On most systems the disk is encrypted with a random key, and that key is in turn protected by your passphrase through a slow key-derivation function; an attacker who has the disk can guess passphrases offline at whatever speed that function allows, so short or predictable passphrases are the weak link. Choose a strong one. One method is to take the first letter of each word of a phrase and combine it with some numbers and special characters; use both upper and lower case. Use a length of at least 10 characters, though 15 or more is preferable. A passphrase of four or more unrelated words is both longer and easier to remember.

The Tools Are There For You

Encryption is available as a built-in feature of most operating systems, or can at least be added to them. Note that closed-source commercial encryption software may be designed with hidden back doors that state-connected actors can use, and you cannot inspect the code to rule this out.

For example, Microsoft was alleged in 1999 to have created a back door in Windows NT 4 for the NSA: a second cryptographic signing key in the CryptoAPI code carried the variable name _NSAKEY. Microsoft denied that it was a back door and described the key as a backup signing key.

WINDOWS

If you are a Windows user, check that your edition of Windows supports BitLocker: it is included in the Pro, Enterprise and Education editions, while the Home edition offers only the more limited "Device Encryption" on hardware that supports it. BitLocker encrypts the whole volume, and BitLocker To Go does the same for USB drives. Turn it on, keep the recovery key somewhere safe (not on the same machine), and confirm the state with manage-bde -status.

APPLE

Apple’s FileVault 2 for Macs encrypts the startup disk; external drives and USB sticks can be encrypted separately from Disk Utility or the Finder. FileVault 2 is available on OS X Lion and later; if you are running an older OS, upgrade. If you have an Apple phone or tablet running iOS 8 or later, the data of the built-in apps is encrypted with keys tied to your passcode. Apple calls this “Data Protection”. It only protects you while a passcode is set, so set one and do not remove it.

ANDROID

Encryption has been available on Android phones and tablets since Android 4.0 (Ice Cream Sandwich), where it had to be enabled manually; since Android 6.0 it is enabled by default on devices with the required hardware, and current versions use file-based encryption that cannot be turned off. The cipher is AES (128-bit in those early builds, based on Linux’s dm-crypt), and that key size is not the weak point. The real weakness on older devices was that the disk key was protected only by the lock-screen PIN or pattern through a fast key-derivation step and was not tied to the hardware, so a short PIN could be guessed offline; later versions bind the key to a hardware-backed keystore and rate-limit guesses. On any version a short PIN is the weakest link, so use a long one.

LINUX

Because Linux has a small desktop market share, it attracts far less commodity malware than other desktop operating systems (Linux servers, however, are attacked constantly). Linux supports disk encryption through LUKS/dm-crypt for both hard disks and USB sticks; LUKS2 derives the key from your passphrase with Argon2, which slows offline guessing considerably compared with the PBKDF2 used by older LUKS headers. Against serious threats, Linux is not bulletproof, and it is not unreasonable to expect attempts to insert back doors into it. Fortunately, a world full of eyeballs looks at Linux’s open-source code, so such back doors would be a challenge to hide indefinitely.

Be Aware of Your Surroundings

Even if you encrypt the data on your computing devices, it is still possible for determined thieves to gain access to your personal data if they can get physical access to your equipment.

For example, a USB keylogger with Wi-Fi capability could be surreptitiously inserted between a PC keyboard cable and the PC in order to send everything you type to a remote observer. Or a malicious USB stick, when plugged in, could present itself as a keyboard and type commands that alter firmware settings or the operating system to install malware that is very hard to detect.

Therefore, a home alarm system or intrusion detection system is a worthwhile investment for those attempting to maintain a secure perimeter.  If you are particularly concerned, do not use equipment near a window, and portable devices should not be used in public places where cameras may be located (such as airports).  Periodic physical inspection of your computer and networking equipment is prudent.

Another very good practice is to shut down devices when you are not using them (i.e., power them off); this also clears the disk-encryption key from memory. PCs and portable devices usually boot relatively quickly, so waiting for them to start up should not be an issue. Furthermore, any cameras and microphones should be disabled or disconnected, as these devices can be turned into remote tools for a spy should an unwanted virus or application find its way onto the computer or device. Cameras on smartphones should be covered with painter’s tape to obscure the video (such tape can be easily removed when the camera is required).

Wireless Means Convenience, however…

When radio-frequency (RF) transmitters and receivers exchange data, the signals can be intercepted by anyone within range, because RF propagates in all directions rather than along a cable. Given the option, prefer wired to wireless. Bluetooth has a history of weak pairing: devices that use legacy pairing with a fixed or short PIN can have their link key recovered from a sniffed pairing exchange, after which the keystrokes of a Bluetooth keyboard can be decoded. Avoid Bluetooth where you can, particularly Bluetooth keyboards, and turn the Bluetooth interface on a PC or mobile device off when not in use.

If Wi-Fi is used in your home, enable the strongest mode your router and clients support (WPA3-Personal, otherwise WPA2 with AES/CCMP; never WEP or TKIP) with a long pre-shared key comprising letters, numbers and special characters. The length matters because anyone who records a client joining a WPA2 network can run a dictionary attack against the recorded handshake offline. Turning off the broadcast of your SSID and enabling MAC filtering are often recommended, but common sniffing software defeats both in seconds, so treat them as cosmetic.
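The following Python script is an added example, not code from the original article. It shows why the length of a WPA2 pre-shared key (and, by the same logic, a disk-encryption passphrase behind a key-derivation function) is what matters: it derives the WPA2 key the way the standard does, checks the published IEEE 802.11 test vector, runs a small offline dictionary attack against a constructed "captured" key, and estimates exhaustive-search time for several passphrase lengths. The SSID, the word list and the captured key are constructed for the demonstration; the derivation parameters are the standard's.

```python
"""WPA2-Personal key derivation and the offline guessing attack it permits.

Added example, not code from the original article. The derivation is the
one IEEE 802.11 specifies for WPA2-PSK:
PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes).
The SSID "HomeNet", the candidate word list and the "captured" key below
are constructed for the demonstration.
"""
import hashlib
import hmac
import math
import time
from typing import Iterable, Optional

WPA2_ROUNDS = 4096   # fixed by the standard, so an attacker pays exactly this per guess
PMK_LEN = 32         # 256-bit pairwise master key


def valid_passphrase(passphrase: str) -> bool:
    """WPA2 passphrases are 8 to 63 printable ASCII characters."""
    return 8 <= len(passphrase) <= 63 and passphrase.isascii() and passphrase.isprintable()


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the pairwise master key exactly as a client or access point does."""
    if not valid_passphrase(passphrase):
        raise ValueError("WPA2 passphrases are 8..63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), WPA2_ROUNDS, dklen=PMK_LEN)


def known_vector_ok() -> bool:
    """Check the IEEE 802.11 test vector: SSID "IEEE", passphrase "password"."""
    expected = bytes.fromhex(
        "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e")
    return hmac.compare_digest(wpa2_pmk("password", "IEEE"), expected)


def offline_guess(target_pmk: bytes, ssid: str, candidates: Iterable[str]) -> Optional[str]:
    """Dictionary attack. A real attacker confirms each guess by recomputing
    the 4-way-handshake MIC from the derived PMK; comparing against the PMK
    directly keeps the example short but costs the attacker the same 4096
    PBKDF2 rounds per guess. Returns the passphrase found, or None."""
    for guess in candidates:
        if not valid_passphrase(guess):
            continue                          # cannot be a WPA2 passphrase, skip it
        if hmac.compare_digest(wpa2_pmk(guess, ssid), target_pmk):
            return guess
    return None


def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random passphrase of `length` symbols."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to try every passphrase at the given guess rate."""
    return 2.0 ** bits / guesses_per_second / (365 * 24 * 3600)


def guesses_per_second(ssid: str, seconds: float = 0.5) -> float:
    """Measure this machine's single-core PBKDF2 guess rate (GPU rigs are far faster)."""
    n, start = 0, time.perf_counter()
    while time.perf_counter() - start < seconds:
        wpa2_pmk("guess%08d" % n, ssid)
        n += 1
    return n / (time.perf_counter() - start)


if __name__ == "__main__":
    ssid = "HomeNet"                                            # constructed network name
    captured = wpa2_pmk("sunshine1", ssid)                      # stands in for a captured handshake
    wordlist = ["123456", "letmein1", "qwerty123", "sunshine1"]  # constructed word list
    print("IEEE test vector matches:", known_vector_ok())
    print("recovered passphrase:", offline_guess(captured, ssid, wordlist))
    rate = guesses_per_second(ssid)
    print(f"this CPU: {rate:,.0f} guesses/s")
    for alphabet, length in ((26, 8), (95, 10), (95, 15)):
        bits = keyspace_bits(alphabet, length)
        print(f"{length} chars from {alphabet} symbols: {bits:5.1f} bits, "
              f"{years_to_exhaust(bits, rate * 1_000_000):.3g} years at 1M x this rate")
```

Run it directly to see the guess rate on your own CPU; dedicated GPU rigs are several orders of magnitude faster, which is why eight-character keys fall and fifteen-character ones do not. WPA3-Personal (SAE) removes the offline attack entirely, which is another reason to prefer it where your devices support it.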

When using your cell phone for voice or data communications, note that attackers are known to operate fake base stations (IMSI catchers) that trick your phone into connecting to them instead of your operator’s network. Assume, therefore, that cell phone conversations, emails, texts and data transfers can be intercepted, and rely on end-to-end encrypted messaging and TLS-protected services rather than on the carrier’s network for confidentiality.

Don’t Accidentally Release Your Private Information

If you have used full-disk encryption on your computing devices and USB keys, then in theory you can dispose of them without wiping or destroying them. The reason is that, without the passphrase, the data cannot be decoded, provided the algorithm and the passphrase are strong.

It is prudent, however, for those who wish to make recovery extremely difficult, to erase the disk or USB key with a wipe utility, or to reformat it and fill it with random data. Note that drives keep spare sectors to which bad ones are remapped, and flash media (SSDs and USB sticks) constantly move data around for wear-levelling, so an overwrite issued by the operating system may never touch every physical location. The drive’s own sanitize command (ATA Secure Erase, NVMe Sanitize) or, on an encrypted volume, destroying the key is the reliable way to clear those areas. None of this is an issue if encryption has been used consistently for all data. Where that is not certain, removable disks can be disassembled and the platters and/or flash chips cut into small pieces before disposal.
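As an added example (not from the original article), here is a small Python utility that performs the overwrite-with-random-data step for a single file, with the caveat above built in: it assumes media where a logical overwrite reaches the physical bytes, and its demo constructs its own sample file rather than touching anything of yours.

```python
"""Overwrite a file with random data before deleting it.

Added example, not code from the original article. It performs the "fill
with random data" step the text describes, at the level of a single file.
A logical overwrite only helps where it reaches the physical storage:
spinning disks remap bad sectors to spares, and flash media (SSDs, USB
sticks) wear-level and keep over-provisioned blocks the operating system
cannot address. For those, use the drive's sanitize/secure-erase command or
crypto-erase (destroy the key of an encrypted volume) instead.
The sample "secret" content in demo() is constructed for the demonstration.
"""
import os
import tempfile

CHUNK = 1 << 20   # write 1 MiB of fresh CSPRNG output at a time


def overwrite_file(path: str, passes: int = 1, unlink: bool = True) -> int:
    """Overwrite every logical byte of `path` with os.urandom() output,
    fsync after each pass, then (optionally) rename and unlink the file so
    neither its bytes nor its name remain. Returns total bytes written."""
    if passes < 1:
        raise ValueError("passes must be >= 1")
    size = os.path.getsize(path)
    written = 0
    with open(path, "r+b") as fh:              # r+ keeps the same inode and extents
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                fh.write(os.urandom(n))
                remaining -= n
                written += n
            fh.flush()
            os.fsync(fh.fileno())              # force the data past the page cache
    if unlink:
        directory = os.path.dirname(path) or "."
        hidden = os.path.join(directory, "." + os.urandom(8).hex())
        os.replace(path, hidden)               # drop the original name from the directory
        os.remove(hidden)
    return written


def demo(passes: int = 2) -> dict:
    """Create a temp file holding constructed 'secret' records, wipe it in
    place, read it back, then wipe-and-unlink it. Returns what was verified."""
    secret = b"account=alice;pin=4911\n" * 3000       # constructed sample data
    fd, path = tempfile.mkstemp(prefix="wipe-demo-")
    with os.fdopen(fd, "wb") as fh:
        fh.write(secret)
    written = overwrite_file(path, passes=passes, unlink=False)
    with open(path, "rb") as fh:
        after = fh.read()
    overwrite_file(path)                            # final pass and unlink
    return {
        "size": len(secret),
        "bytes_written": written,
        "size_preserved": len(after) == len(secret),
        "content_gone": after != secret and b"pin=4911" not in after,
        "removed": not os.path.exists(path),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

On a journaling or copy-on-write file system (ext4 with data journaling, Btrfs, APFS, ZFS) the old extents may also survive the overwrite, which is one more reason the reliable answer is encrypt-everything plus crypto-erase rather than overwriting after the fact.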

Bring Your Own Device?

Bring Your Own Device (BYOD) means that your employer allows you to access the company’s internal, secure network using your personal laptop or smartphone. The typical condition is that you must install special, administrator-level management software on your device. The theory is that this software protects your employer’s data (allowing features like remote wipe) while segregating your personal data and activities.

However, because of the deep level of control employed by such software, it is unlikely that such segregation has real meaning.  Therefore, it is recommended that if you want to use your own personal computing device on your employer’s network, buy one just for that purpose and do not use it for personal activities and do not store any personal information on it.  When it is not in use, be sure to power it completely off.
