Using a modern computer is not what it used to be, computers are now more interconnected than ever before, internet applications have become more advanced and more intelligence is built into applications so installed and live applications gather user information. This information is gathered and reported on periodically, partly with and partly without the user's consent. Some of the information transacted may be confidential and some of the information may have little sensitivity or relevance to the user's identity. The information transacted, however small, has some value and this is why it is transacted.
The act of recording and transacting information is not really the problem. The issues arise when the information is used against the user and or transmitted to a server across the internet and stored in an insecure manner. The confidentiality and sensitivity of the information in question must also be considered, and in many cases isn't. The information is often shared between marketing groups and eventually finds its way into the big bad ad-network or worse still into the hands of phishers and identity fraudsters. Various laws and bills are in place that regulate such data transactions and that rule how the data must be stored and processed once captured.
Computer professionals and users need to take this aspect of computing very seriously as both the reputation and posture of both the user and the organization is at stake.
Applications, the Trojan horse
Some Media players are aware of the DVDs you watch and report this information to a central server. This information is tracked and can be used for direct marketing. Some applications navigate the user's machines and hook into the internet browser, redirecting traffic to alternate websites the user would not normally visit. Most users are unaware of this behavior and only notice system performance degradation.
Some applications do not degrade system performance and are more difficult to detect as they make very subtle changes to the operating system. So what does this have to do with your data? All data created by a user is the property of the user. Personal data is also the property of the user and, if stored, is eligible to many privacy laws that govern entities that store data.
Encrypting data will keep the data confidential
All data that needs to remain confidential will need to be encrypted. This includes backup data and archive data. The encryption keys should be stored securely and not stored on the same hard drive that the data resides.
Anti-Spyware, Anti-Virus, Anti-malware
A suite of tools that helps the user detect and control Malware is very helpful. Installing applications that originate from an untrusted source can also lead to problems.
Viruses have been well controlled with current anti-virus programs, it has been a long while since the last big outbreak and it seems that anti-virus vendors have blocked most entry points. Other stronger 'better' programmed malware is emerging that exploits software vulnerabilities that antivirus vendors do not block. This results in more protection being needed by the user and organization when attempting to deal with this new more sophisticated range of malware. A comprehensive toolkit that captures and isolates applications that tamper with system settings and redirect traffic is necessary.
Computers are replacing old filing and document storage technologies. Because of this the documents stored on computers attract more sensitivity and user information than before. Applications that trawl user systems in search of user information and links that can be made for direct marketing purposes are becoming more pervasive. These applications consume computer resources and divulge confidential user data. They must be stopped. The only way is by controlling the information leaving and entering the computer. What do police do when they want to control entry and exits to a city? They set up checkpoints.
User firewalls and corporate perimeter firewalls are becoming part of computing. Users and organizations are becoming more aware of the potential threats and vulnerabilities that plague users. Firewalls help users and organizations manage the entry and exit of traffic along with sophisticated inspection techniques that identify the wolves in sheep's clothing.
(Privacy) Anonymous web surfing
Browsing the internet anonymously helps in keeping the advertisers and malware organizations from tracking a user's habits and digital identity. Many sites track the IP address and browser ID of a user with cookie technology and map back to the user with ease to advertise and to collect user data. This data is then used as in direct advertising and in social engineering techniques, if the data gathering organizations are malicious.
Communication and the importance of encryption
Encrypting a user's communication with the server is a valuable security technique. Traffic that transacts over a network, be the network public or private, can be captured and analyzed at a later time. This traffic, if in the wrong hands, can be used to reconstruct transmissions of voice or data and putting the puzzle pieces together will not take long. Technology that automates this process is available to all that seek it on the internet. Some technologies are used to spy on users. For under $100 a malicious user can download this software and use it to gather information from an unsuspecting victim. These applications need to be controlled if one's privacy is to remain intact.
Recently a wireless scan was performed for 1 hour in a business district of the town that I live near. We drove around with a wireless scanner and scanned for secure and insecure access points. This was mealy testing for encryption such as WPA and WEP and the results were presented to the IT security community for comment. Out of 1367 access points found, over half did not have any security enabled! Some access points had the WEP keys as the SSID clearly broadcasting the key for all to see. Simple procedures like changing the default wireless router's password, filtering by MAC and enabling WPA PSK encryption with a decent length key, will deter the casual wardriver. These are simple mechanisms that add layers of security to an environment.
20 Important security tips to remember
- Update your application and operating system's software regularly.
- Make a backup of your data and store it in an encrypted state.
- Encrypt all confidential data and data that are in transit.
- Ensure that Antivirus and antispyware technology is installed and updated.
- Scan your system regularly for virus and other malware software.
- Use anonymous internet browsing at all times.
- Do not store credentials on your local machine.
- Do not share your resources with untrusted parties.
- Use only encrypted and or secure networks for wireless communication.
- Do not connect to foreign or unknown networks.
- Do not install untrusted any unknown software.
- Ensure that all your cookies are removed form your browsing history.
- Install and turn on a personal firewall.
- Do not share resources like hard drives, USB devices, laptops, and computers as this may present the opportunity an intruder needs to manipulate your PC.
- Do not share your login credentials.
- Employ two factor authentication, something you have, something you know and something you are.
- Secure the computer with technical controls that will make physical access to the machine of no use to the intruder.
- Do not input your personal information into untrusted sources and sites that are likely to be compromised; if you are unsure do not share the information.
- Beware of wireless equipment, encrypt and apply strict filtering so that only authorized users have access to the wireless equipment. (this rule applies to keyboards and mice as well).
Digital communication is recordable
The more communication and data are encrypted the more difficult it becomes to read the transmitted data. Remember that anything that can be created digitally can be recorded and duplicated. If the transmission is encrypted the capture will be of encrypted data and the payload will remain confidential.
The newer the technology the newer the challenges. Millions of people are interconnected using the internet. Part of this interconnection and global presence is applying a prudent approach when storing sensitive and personal data. Keeping our data secure and maintaining a clean digital identity is the next challenge facing individuals and organizations as many malicious and profiteering syndicates attempt to steal and abuse user information that is freely available. Rest assured that if you don't look after your digital identity others will take advantage of this.