Digital Footprint

Without question its recommended to do a digital self audit.

To audit:

1. Asses threat model.

  • Who is our likely threat model that could harm us? Those closest to us have the greatest ability to harm us. Spouses may change and we should prepare to be safe.
  • We can’t protect against NSA of us as individuals. Patience, persistence and endless assets means they aren’t an adversary we can defeat.
  • Business espionage is a growth industry. It may be come the norm to be attacked. Perhaps it already is? Leaving no trace of an attack is part of their skill set.
  • Social engineering is now used allegedly 75% of the time to defeat digital security. Getting the IT guy to reset the password through deception is easier than hacking a properly secured router.

 

2.Reduce Attack Surface.

  • Reducing your attack surface is essential. Keep games and silliness off your main devices. Don’t look at porn sites on a device which you access internet banking for example. Don’t allow children to touch your main devices.
  • Don’t use public Wi-Fi, pay for cellular data.
  • Collect your cloud based data periodically and store it locally. Remove.

 

3. Compartmentalise

  • Separate business and social information.

 

4. Security Guidelines

  • Protect your organisation from Social Engineering. Educate those close to you in what Social Engineering is and how to protect against it.
  • Use a VPN. Pay with Bitcoin.
  • Familiarise yourself with Tor. Use it often. More people that use it the better. Use it for normal web surfing often. Not all the time but often.
  • Use a password manager. Make sure the passwords are huge and generated by an app.
  • Use encrypted chats.
  • Use a Chromebook.
  • Use Linux.
  • Use Apple devices ensuring that all security procedures are followed.
  • If you must use Windows then current versions only.
  • Always update all software.
  • Physically secure devices in hotel rooms. Photograph your devices in your hotel safe to see if they have been moved.
  • Use full disk encryption. Always. On all devices.
  • Use encrypted cloud services.
  • For Google Drive use Boxcryptor.
  • PGP encrypt any “secure notes” within a password manager.
  • Keep some money in Bitcoin. It is one of the few things that if looked after properly cannot be taken from you.
  • Set an alarm in your phone for a six month review of your last audit. Audit again.
  • Avoid Facebook, What’s App and Line. Remove them from your life.
  • Make a super secure 007 device (or get someone to do it for you). Whether it is a laptop, desktop or phone. Only use this device for confidential work or education. It doesn’t have to be expensive, it just has to be right. I use a $500 HP laptop.
  • Learn to love learning about this stuff. Digital health is a “thing” now.