Picking Up Pieces

The professionals call this Operational Security and Situational Awareness. When you go online you put yourself and data at risk. You must assume anything, even if encrypted or on a private social network, will get out.

The only weight that matters in cybersecurity is the 6 lbs you carry in your skull. Think before your click. Make sure you are working in a place where you and your data are safe. Never share any kind of log in credentials in an email, screenshot, or Discord DM.If you run an online community do not have a document with all the username and passwords for different tools your community uses.

Authentication means proving who you are when you try to gain access to a network or system. Usually you get authorized by authenticating a username and a password match. You need better security. Enable multi-factor authentication on all your online services.

With Multi-factor-authentication, MFA, you can verify something you know, something you are, and something you own. Many services allow SMS, test messages, as an additional factor. For most use cases this method is acceptable but it is not the most secure.

Also know you local laws in terms of which factors police can use, such as face unlock, versus something you know such as a password.

If you want higher security use a FAB key or other device as an even additional factor. Basically you purchase two keys. You save your credentials to both and lock one away in a fire proof safe off site. You then keep the other one to use as a required log-in.

Most credential leaks get caused by phishing attacks. This means someone casts a net by sending “bait” that looks like a real email, text message, or Discord DM. It will contain links or ask for personal information.

No reputable business will ever ask you for credentials or personal information unsolicited. Do not fill out forms you did not request or opt into receiving.

Rarely, better yet, never click on any link sent over SMS or private message. If you do make sure you know the sender. Look at the URL, if not shortened. Make sure it seems legitimate. Remember the accounts of people you trust can get compromised.

If you work with really sensitive data, or your identity puts you at risk, you should never open links through SMS and make sure any external connection gets scanned for malicious code. You should not use browser based email and only use a client with trusted Anti-virus capabilities.

Most breaches happen because of stolen credentials. Usually from another system. Meaning Miriam may use the same bank password as her email. Her email got compromised and her password sold online. It then got used to drain her bank accounts.

• Use a unique password every time. Some people may use the same password for multiple services and this puts them at risk. I know it makes it easier to remember but it puts you and your data at risk.

• Length beats complexity. Special letters and random Capital letters may get required by systems but they do little for security. Instead think in pass phrases and not passwords. Length takes longer for computers to crack. You can use Diceware pass phrases to truly randomize a lengthy password,

• Stay away from personal details. Many passwords get cracked through social engineering. Someone may look through your profile and see you own cats, they may then look to see if your pet has a registered name or breed. These phrases then get tried in brute force attacks.

• Use a Password Manager. These tools save and encrypt all your passwords and then use single use codes, called hashes, to log in. Passwords managers provide better security given the number of accounts we all have today

• Maybe password books make sense. I know this sounds like blasphemy to security experts but to a family of five where people may have dozens of passwords each writing them down seems understandable. Granted please use a password manager but password books aren't evil for personal use cases. If a family keeps one in a fireproof safe it will help after catastrophe. I know it creates risk but if you have physical access to a families password book, in their safe, they have bigger problems than getting hacked.

• Use incorrect answers for security questions. Many systems ask questions for password recovery. Your first pet or Mother's family name may be found online through social engineering. Use falso or masked information when filling out these help features.

Think of your devices as having two different users. One would have admin rights and the other has user rights. Set up all your laptops and devices with two users. Give one of them full rights to install software, run updates automatically, and modify the system.

Then make yourself a second user. This user will connect to external systems like web apps and social media. This user should not have rights to modify the system. If you come across a program you need to install you would log out and log in with the admin account. Then grant the user account access to to the application.

Having multiple backups can prevent Ransomware and encryption attacks. You may want to use both an online backup and a local backup. You need to make sure backups run and periodically test to see if things run smoothly.

If you do online backups you may want to encrypt your files before backing up. While most commercial backups have good security some people may want additional protection. You do not control the code of your back up company. You can use a tool to make a backup, encrypt the files, and then ship that off for backup. If you hold on to the keys decrypt the backup you have more security. Only people who really need to protect their assets or identity may want to follow this approach.

Offline backups provide an additional safeguard. Many devices will run these nightly or hourly even. You may want to consider locking up a backup each night in a fireproof safe or having a C02 fire extinguisher handy if the availability of your data is critical to your work.

A VPN, or virtual private network hides your real location and protects your data from data collectors. It may not hide your traffic from your Internet Service Provider.

In some countries, such as USA, the telcoms rent routers and modems to people who then pay $12.00 a month for years to pay for a $90.00 modem/router. The firmware in these products often is not updated and vulnerable to attack. Plus newer router/modems often have additional security features. Not to mention, renting routers rips off customers.

This maybe overkill but some users may want to even add utilize modems, routers, and firewalls to create an encryption layer between their network and the outside world. You can add firewalls to home networks. They also make mobile versions if you need security on the go.

Every wireless access point and every Bluetooth connection creates an attack vector for adversaries. Getting into offline hard wired systems will often take physical access. Try to use wires whenever possible. Plus your bitrate to your wireless speaker makes the music awful. You really should use wired cans instead of wireless earbuds(and a lossless format) unless you hate music. Not having your XBOX wired is why you get bodied by little kids and lag, and think about how many Lithium batteries we could eliminate with wired mice.

You may want to have one network for your work and another for your family. This may improve sanity and speed as much as security. If you deal with really sensitive data or operate online personas that can bring you physical or legal harm you should follow this step. You basically firewall off your personal internet use and your activist internet use. This is not cheap and requires specialized knowledge.