Disclaimer: Even the tips provided below cannot completely protect you. Work to develop your Security Mindset. Always remember, if you’re unsure if something is secure, ask!
In this post, I will highlight how a “Security Thinker” thinks and cover different avenues of attack, including physical, personal, & digital attacks. Finally, I’ll spend a little time on how you can protect your data.
Becoming a “Security Thinker”
Ever picked up your car from the dealer after an oil change? The conversation probably went something like this…
Me: “Hi, I’m here to pick up my car…”
Customer Rep: “What’s your last name?”
Customer Rep: “Got it, I see you in my list. I’ll have them pull your car right out front.”
Great customer service? Or a massive breach in validating the real owner of the car?
How about this product?
SmartWater is a water-based, clear solution “paint” which is brushed or sprayed onto property, drying totally invisible. Each bottle contains the owner’s unique forensic formula (PIN) which is logged into a secure database so recovered property can be traced. The paint transfers to a thief’s clothing and skin, providing microscopic forensic evidence to prove the presence of the suspect at the time of the incident.
Let’s think about this for a second. Here’s a fun scenario…
I have a bottle of SmartWater and I’m over at your house. I really like your new TV… when you go out of the room to get me a beer, I brush a little on under the front corner. The next day, I call the cops to report that you stole my TV – and I have proof!
Good security product? Or easy way to legally steal?
Hopefully these stories highlight how a “Security Thinker” should think.
Avenues of Attack
Social Engineering refers to someone using psychological manipulation to get information from someone else. For example, you are working in a call center & someone calls and says “Hello, this is Yosef from IT, I’m working from home today and can’t log in, can you help me?” If you know Yosef, you may recognize that the person on the line isn’t him. More likely, you won’t know Yosef from Adam, & if you are not careful, you may provide sensitive information without realizing it. To help protect yourself, here are a few tips:
- Take off your employee badge or put it in your pocket when you leave the office. Anyone eating lunch next to your table can potentially gain all sorts of valuable information by looking at it such as the company you work for, your name, & even potentially your employee number & your title.
- Do NOT share matters related to work, such as campaigns, products, services, complaints, or customers with people you don’t know.
- Do NOT let unknown individuals into your office or a client’s office. Piggybacking is not allowed!
- Double/triple check requests for confidential information – especially e-mail requests! A follow-up phone call is good practice.
Another potential avenue of attack is your mobile devices. Nowadays, your phone can potentially give someone access to your credit cards, your bank accounts, your social media accounts, and a variety of other information such as confidential documents, etc. Don’t forget your laptop or data thumb drive either! For all of these devices, follow these tips to be safe:
- Use a login password.
- Set your device to wipe itself if the password is entered incorrectly X number of times. Note – this may not be practical if you live with toddlers who like to press random buttons…
- Set up a program to remotely wipe your device in case it’s stolen.
- Encrypt your devices! Good encryption programs include Windows BitLocker, Apple FileVault, & GnuPG.
- Try not to leave mobile devices in your car unattended – and NEVER leave them in plain sight!
With regards to your phone, another avenue of attack is through software:
- Only download apps that have been downloaded many times before (e.g. 1 Million+)
- Understand the permissions that an app is requesting – does your flashlight program really need access to the internet?
- Watch for battery to start draining quicker than normal – this may indicate that an unwanted app is running in the background.
- Turn off features you don’t need such as: NFC, Android Beam, Bluetooth, picture geo-location tagging, & automatic uploading of pictures to Social Media sites.
Here are some Social Media tips for staying safe:
- Be an adult. Don’t talk to strangers!
- Don’t post information you don’t want others to know.
- Don’t friend strangers just to collect “friends”.
- If you get a friend request & you think you’re already friends with them, check!
- Remember that you don’t know for sure who’s really on the other end of a chat.
For any of your computing devices, always make sure that you are keeping up with the latest security updates – this applies to both your operating system & any software / apps. This is especially true for any programs that access or interface with the internet!
- If you are on Windows, security patch updates include fixes for vulnerabilities that anti-virus programs may not catch! Don’t postpone them, & if you have updates set to install automatically, shut your device down fully at least once a week to give updates a chance to fully install.
- Updating software includes updating any plug-ins – these may not update at the same time as the main piece of software. For example, if you’re running the Mozilla Firefox browser, you need to keep your add-ons & plug-ins up to date yourself.
- Hopefully everyone already does this, but don’t open e-mail attachments from people you don’t know! Always make sure your anti-virus program scans an attachment before you open it. Also, keep in mind that file extensions can be changed! A simple TXT file may actually be an executable file that will damage your computer!
- Do NOT rely on anti-virus to keep you safe! If you don’t know what your anti-virus is prompting you to do, try Googling/Binging the message &/or ask a friend!
Protect your Data!
Data comes in all types & sizes: it can be your SSN, your phone number, address, contact list, work documents, financial information, etc. Tips for protecting your data include:
- Passwords: Do NOT share them! Do NOT use the same password for personal & work access. Make your passwords looooooong! Anything under 12 characters can be guessed by a computer program in just a couple of hours. If someone wants to get into your account they probably can, but don’t make it any easier for them than you have to.
- Log out of websites & IM services when you leave your PC.
- Instead of doing a simple delete of computer files that have sensitive information, use a shredding program (such as Eraser – http://eraser.heidi.ie/).
- Shred your physical papers, credit cards, CDs, envelopes, receipts, etc. Anything that has sensitive information should be destroyed before putting it in the trash.
- Backup your data! Use hard backups such as copies on an external hard drive, or back up to the cloud (top rated backup program is https://www.code42.com/crashplan/).
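The “file extensions can be changed” tip above is easy to see in code. What follows is an added example, not code from the original post or from any product it mentions: a small Python checker that compares what an attachment’s name claims (its extension) with the “magic bytes” at the start of its content, and also flags double extensions such as invoice.pdf.exe. The signature table, the extension lists and the sample files are all constructed for this example; real mail gateways and anti-virus scanners use far larger signature sets.

```python
import os
from typing import Optional

# Leading bytes ("magic numbers") of a few common formats.
# Constructed table for this example; real sniffers know many more.
MAGIC = {
    b"MZ": "windows-executable",        # PE: .exe / .dll / .scr
    b"\x7fELF": "elf-executable",       # Linux binaries
    b"%PDF": "pdf",
    b"\x89PNG\r\n\x1a\n": "png",
    b"PK\x03\x04": "zip-container",     # .zip, .docx, .xlsx, .jar, .apk ...
    b"#!": "script",                    # shebang line: shell / python / perl
}

# Extensions under which each content type is normally seen (constructed).
EXPECTED_EXT = {
    "windows-executable": {".exe", ".dll", ".scr", ".sys"},
    "elf-executable": {".so", ".elf", ".bin"},
    "pdf": {".pdf"},
    "png": {".png"},
    "zip-container": {".zip", ".docx", ".xlsx", ".pptx", ".jar", ".apk"},
    "script": {".sh", ".py", ".pl"},
}

# Extensions that normally hold binary content; plain text under one of
# these names is itself a mismatch (scripts are text, so they are excluded).
BINARY_EXT = set().union(*(v for k, v in EXPECTED_EXT.items() if k != "script"))

# Extensions Windows treats as directly runnable (for the double-extension check).
RUNNABLE_EXT = {".exe", ".scr", ".bat", ".cmd", ".com", ".js", ".vbs", ".ps1"}


def sniff_type(data: bytes) -> Optional[str]:
    """Return the content type implied by the first bytes, or None if unknown."""
    for signature, kind in MAGIC.items():
        if data.startswith(signature):
            return kind
    return None


def looks_like_text(data: bytes) -> bool:
    """Heuristic: text files contain no NUL bytes and decode as UTF-8."""
    if b"\x00" in data:
        return False
    try:
        data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return True


def check_attachment(filename: str, data: bytes) -> dict:
    """Compare what a file claims to be (its name) with what it contains."""
    base = os.path.basename(filename).lower()
    root, ext = os.path.splitext(base)
    # "invoice.pdf.exe": the inner ".pdf" disguises a runnable ".exe"
    inner_ext = os.path.splitext(root)[1]
    double_ext = bool(inner_ext) and ext in RUNNABLE_EXT

    detected = sniff_type(data)
    if detected is None:
        detected = "text" if looks_like_text(data) else "unknown-binary"

    if detected in EXPECTED_EXT:
        mismatch = ext not in EXPECTED_EXT[detected]   # e.g. PE bytes under .txt
    elif detected == "text":
        mismatch = ext in BINARY_EXT                    # e.g. plain text under .png
    else:
        mismatch = False                                # nothing to compare against

    return {
        "filename": base,
        "extension": ext,
        "detected": detected,
        "double_extension": double_ext,
        "mismatch": mismatch,
        # any executable attachment is worth a second look even when honestly named
        "suspicious": mismatch or double_ext or detected.endswith("executable"),
    }


# Constructed sample "attachments": name -> first bytes of the content.
SAMPLES = {
    "notes.txt": b"MZ\x90\x00\x03\x00\x00\x00PE\x00\x00",   # PE header hiding as .txt
    "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,
    "invoice.pdf.exe": b"MZ\x90\x00" + b"\x00" * 4,
    "readme.txt": b"Just a plain note.\n",
    "quarterly.docx": b"PK\x03\x04" + b"\x00" * 4,
}


def scan_samples() -> dict:
    """Run the check over every constructed sample."""
    return {name: check_attachment(name, data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, r in scan_samples().items():
        flag = "SUSPICIOUS" if r["suspicious"] else "ok"
        print(f"{name:16} claims {r['extension'] or '(none)':6} "
              f"contains {r['detected']:19} -> {flag}")
```

Running the block reports notes.txt and invoice.pdf.exe as suspicious and the other three as fine. The check only reads the first few bytes, so it costs nothing to run over every attachment before opening it; it is a complement to, not a replacement for, the anti-virus scan the tip above recommends.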
Remember! Just because you’re paranoid… doesn’t mean they aren’t out to get you! ;-)