Man in the middle attacks. Social engineering. Large scale data breaches. Government surveillance. Device theft. Those are just some of the threats standing in your way as you try to carry on a safe digital life.
APTs. Three letter agencies. Script kiddies. State-sponsored hackers. Cybercrime rings. Data-hungry corporations. Jealous coworkers. Disgruntled employees.
And those are just some of the sources that those threats might come from.
The point is, as more of our lives become digitized and stored on computers and online servers, our data becomes more valuable and makes us more vulnerable to cyberattacks.
The sacred task of protecting information is everybody’s business, whether you have something to hide or not.
I’ve already discussed cybersecurity rules on several occasions, such as protecting your online accounts against hackers, or your website if you’re running an online business. But the number one rule of cybersecurity is that there’s no such thing as absolute security, and you should always plan for the worst and prepare yourself for the when, not the if.
That is why I’m a big fan of encryption, the art and science of scrambling data to protect it from eavesdroppers and unwelcomed parties who might gain access to it in some way or another.
Here’s a quick guide to encrypting all the data you’ve scattered across the globe and the plethora of devices you own.
My email account is my most active (and hated) communication channel. Articles. Pitches. Follow-ups. Congrats. Polite (and sometimes unpolite) refusals. I exchange hundreds of emails every day.
While not every email I send and receive contains sensitive content, some do, and I would rather make sure that the content of those letters remain secure if someone happens to peek into my mailbox.
That’s why I use Pretty Good Privacy (PGP) to send and receive letters that need additional security. This way, I can make sure that if the letter is intercepted, or if someone happens to break into my account (good luck on that!), they won’t be able to see those top secret missives I’ve been sending around.
Messenger services also account for much of our communications. Again I agree that not everything is top secret information, but you can never underestimate how damaging a seemingly innocent conversation can become if an unwanted party gains access to it.
The most secure messaging apps are those that feature end-to-end encryption, a technology that ciphers data with keys that are only possessed by the parties of an exchange, as opposed to having the keys stored on a centralized server.
Signal is the most secure messaging app out there, but it’s not the most popular app. With some caveats, the one-billion-user-strong WhatsApp is also secure, especially after the rollout of its new two-step verification feature.
Google Drive and Dropbox offer very robust cloud storage, but they’re not the safest way to archive sensitive information on the internet. Manually encrypting files before storing them on the cloud can be cumbersome. That’s why you might want to try a third party plugin such as Boxcryptor, which adds a layer of client-side encryption to most cloud storage services without complicating the user experience.
Alternatively you can sign up for services such as SpiderOak One, which offer out-of-the-box secure storage.
Computer, smartphone and removable media
If your laptop, smartphone, USB stick or memory card is stolen, confiscated, or simply accessed while you’re away, your data will be at the mercy of unwanted parties. That’s why you should consider full-disk encryption, the technology that encrypts everything before storing it on your hard disk.
All major desktop and mobile operating systems have built-in full-disk encryption features which apply to both device hard drives and removable disks. There are also third-party applications for full disk encryption.
Hardware encrypted USB sticks such as the datAshur series are a good replacement for removable media.
However, full disk encryption is not a silver bullet. For instance, if someone gains access to your computer after logon (physically or through a remote trojan), they’ll have access to your files as well. The same goes for encrypted USB storage that is already connected and unlocked. Therefore, you might want to consider encrypting very sensitive files individually.
Browser and internet traffic
Aside from encrypting stored data, you should also be careful to avoid transferring data in insecure ways. Start from your browser traffic. Absolutely avoid typing in and posting information on websites whose address doesn’t start with HTTPS.
Even HTTPS isn’t absolutely secure, and some elements (including complete URL along with query string parameters) will be readable to eavesdroppers. So if you want to prevent malicious parties from finding out which websites you’re accessing, you should consider using Tor, the nonprofit browser that encrypts your entire web traffic and channels it through anonymous nodes.
If you want to encrypt your entire internet traffic, including your email and FTP clients as well as any other application that accesses internet services, you can sign-up for a VPN, a service that encrypts your entire network traffic and redirects it through a node in some other location. There are paid VPNs as well as some decent free services such as Psiphon. You can also opt for hardware alternatives such as Anonabox, a TOR/VPN device which frees up CPU resources from your computer by taking care of the encryption and decryption of traffic.
Encryption is not everything
Encryption is complementary to other measures you should adopt to protect your devices, accounts and data. So don’t forget to stick to your basic cybersecurity rules such as updating your operating system, antivirus, browser and software. And promote cyberhygiene among your friends and family. We can only be safe if we adopt good security practices collectively.