Mini Skill – IT Security – Week 1

This week's mini skill is about computer security. We live in a digital age and the vast majority of us (myself included) have NO IDEA how exposed we are.
I have a cover on my webcam to stop people looking at me. I thought this was great security, yet I am sat here with the same password for everything!
What follows is a series of steps to cover the basics for everyday computer security, both from external threats (cyber criminals and viruses) and internal dangers (my clumsy ape fingers dropping my laptop).
Don’t want the juicy details?
Click HERE to jump straight to the action plan:
My Current Security Situation:
At the risk of making security specialists fall off their chairs, I currently only have one copy of my computer documents and photos, and the same password for all of my accounts. I have also had this password for A LONG TIME. The last time I changed it was when my accounts got hacked in my teens. I download files willy-nilly and don’t know a thing about encryption. I think that about sums it up. Let’s turn ourselves into well defended digital warriors with minimal effort, shall we?
Main Failure Points
What are the main reasons people suck at Online Security?
  1. Using the same password for EVERYTHING
    • This means that all a cracker has to do is find one password and they have your ENTIRE ONLINE LIFE. Scary.
  2. Using the same password for YEARS
    • The longer you have the password, the more chance there is of someone brute-forcing their way into your account.
  3. Not backing up your computer
    • We are always told but never do!
  4. Having only one point of access for your files
    • i.e. on your laptop’s hard drive with no backup.
What is Needed:
There are two areas which need to be looked at – internal threats (damage, hardware theft etc.) and external threats (cybercrime, malware, encryption etc.).
 
Internal Threats:
This is the section which will keep your files safe from yourself. If you are clumsy like me then it is a good idea to have a backup. Perhaps you enjoy leaving your hardware somewhere it can be stolen, but you don’t want to lose access to your files? Okay, we can find a solution:
  • Online backup of documents so that files can be accessed/updated from anywhere.
    • Use a program such as Evernote for writing. This has the added benefit of being able to search everything you have written.
  • Online photo storage so I don’t lose them if my Mac breaks. (doesn’t need to be easy access)
    • New Zealand based company called Mega
  • Online access to email so that they are not lost if my Mac goes down.
    • Begin to use Gmail as my email client rather than the mail software on my Mac
External Threats:
This is the section that will keep you safe from other people. Either theft of your hardware or perhaps to stop a cyber criminal getting into your email account (which I will explain later as worse than leaving your front door unlocked…)
  • Different passwords for each account that are easy for me to remember.
    • Password strategy listed below
  • Double layer authentication to get into my email account.
    • Google provides this for their Gmail account
  • Encrypted files on your hard drive to prevent thieves reading your hard drive.
    • Enable full disk encryption
  • Software to check outgoing connections from your computer
    • Used a program called Little Snitch
  • Software to check persistent downloads.
    • Used a program called BlockBlock
Password Strategy
Passwords are not given the attention they deserve. I have grown up begrudgingly typing my passwords in order to gain access to my accounts. I have never had to defend anything valuable online so I have always viewed them as a bit of a pain, especially for accounts on games and things that never stuck around for long. However, now that I have sensitive info which I need to keep secure, I am going to have to update my password strategy.
I need them complicated enough that a machine would take longer than my lifetime to brute-force, random enough so that they can’t be guessed, and have enough of them so that all of my accounts cannot be stolen all at once.
I suggest separate passwords for:
  • Email account (if someone gains access to this then they have access to ALL your accounts)
  • Facebook account
  • Accounts that need my payment details
  • Accounts that do not need my payment details
Use this site to check the strength of your password! Quite fun to see how long you can get it! https://howsecureismypassword.net
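The requirements above (longer than a lifetime to brute-force, random, and a separate password for each of the four account groups) can be worked through in code. This is an added example, not part of the original post; the attacker speed of 10 billion guesses per second, the 100-year lifetime and all function names are assumptions chosen for illustration.

```python
import secrets
import string

GUESSES_PER_SECOND = 10**10           # assumption: speed of an offline cracking rig
SECONDS_PER_YEAR = 31_557_600         # 365.25 days
LIFETIME_SECONDS = 100 * SECONDS_PER_YEAR  # assumption: "my lifetime" = 100 years

# The four groups the post suggests keeping separate.
ACCOUNT_GROUPS = ("email", "facebook", "payment accounts", "non-payment accounts")
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def average_crack_seconds(pool_size, length):
    """Average brute-force time: on average half the keyspace must be tried.
    Only valid when every symbol is chosen uniformly at random."""
    return pool_size ** length / 2 / GUESSES_PER_SECOND


def min_length_for_lifetime(pool_size):
    """Smallest length whose average brute-force time exceeds the lifetime."""
    if pool_size < 2:
        raise ValueError("need at least two possible symbols")
    needed = 2 * GUESSES_PER_SECOND * LIFETIME_SECONDS  # exact integer keyspace
    length = 1
    while pool_size ** length <= needed:
        length += 1
    return length


def generate_passwords(groups=ACCOUNT_GROUPS, alphabet=ALPHABET):
    """One independent random password per group, so one leak exposes one group."""
    length = min_length_for_lifetime(len(alphabet))
    return {g: "".join(secrets.choice(alphabet) for _ in range(length))
            for g in groups}


if __name__ == "__main__":
    pools = [("digits only", 10), ("lowercase letters", 26),
             ("all printable symbols", len(ALPHABET)), ("7776-word list", 7776)]
    for name, pool in pools:
        n = min_length_for_lifetime(pool)
        years = average_crack_seconds(pool, n) / SECONDS_PER_YEAR
        print(f"{name:>22}: {n} symbols, about {years:,.0f} years on average")
    for group, password in generate_passwords().items():
        print(f"{group:>22}: {password}")
```

The 7776-word row is the passphrase case: six words picked at random from a list that size meet the same target and are easier to remember than eleven random symbols.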
Double Authentication
The process of using a password AND an alternative method of logging in (such as mobile activation code). This prevents someone accessing the email account with only a password should you lose it. Google accounts have this option. Just don’t lose the phone!

Action Plan

  1. Cover your webcam with tape
  2. Enable full disk encryption: On Mac: [System Preferences>Security and Privacy>File Vault]
  3. Change iPhone password to 6 digits instead of 4 (I know it’s not computer security but I thought it was good)
  4. Download and run Little Snitch
  5. Download and run BlockBlock
  6. Change email client to Gmail and activate double authentication.
  7. Sign up to Mega encrypted cloud storage and move all photos over.
  8. Design and memorise a new password strategy.
  9. Download Evernote for writing/ ORGANISING EVERYTHING
  10. Download Google Drive for saving Word documents online.

These ten things will cover you for all the threats (self inflicted or otherwise) listed above.

If you have any other suggestions leave them in the comments below for other people to implement!

If you only do one of the awesome tips listed here (many from Tools of Titans by Tim Ferriss) then put some tape over your webcam!

Links to software listed here:

Evernote – for writing and organising your life

Mega – for massive online photo storage

Gmail – for double authentication email service

Little Snitch – for assessing outbound connections your software is making

BlockBlock – for revealing when malware is trying to install itself

 

Series:

This is post 1 in a series. Find the other articles here:

Progress Recap and Updates