Monday, 15 September 2014 18:51

Taking Security Seriously


I want to take a brief moment to write up some important points to consider when dealing with securing digital communications.

Many of these items have come to light after Edward Snowden (bravely) came forward and contradicted what Obama told Leno: “We don’t have a domestic spying program.”  As you are (hopefully) well aware, this is 100% false.

Further reading:
http://en.wikipedia.org/wiki/Edward_Snowden#Global_surveillance_disclosures

With all of this in mind, I am compiling a list of 4 things that anyone, not just industry professionals, can do to protect themselves against such spying:

1. Be careful posting things on social media.  Even ‘private’ messages. 

There is no such thing as a “private message” (on Twitter, this is called a direct message).  Don’t assume that other people cannot read what you send privately!  All it would take is a guessed password to see what you’ve sent.  Or worse, if a provider like Facebook were hacked, then EVERYONE’s private messages would be at risk.

http://rt.com/usa/169848-pentagon-facebook-study-minerva/
http://online.wsj.com/articles/facebook-friends-its-city-pays-for-officer-1405304615?mod=yahoo_hs

2.  Use PGP to encrypt your email.

Before Snowden would provide media outlets with his leaked information, he first required that they use PGP encryption.  This says a lot. Think about it: Snowden used his knowledge of security and encryption to successfully transmit his information without being caught!  To get started with PGP encryption, you’ll need to install some software:

PC:
http://www.gpg4win.org

Mac:
https://gpgtools.org

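Use the software you installed to create your own key pair: a “Private Key,” which you keep to yourself, and a matching public key, which you share.  After the public key is uploaded to a key server, you can search for it to make sure others can find your key: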
http://pgp.mit.edu/

Of course, the other party will also need to use PGP encryption in order for this to work.  Each party has their own PGP key, and the keys are managed by the GPG software.  PGP encryption is a requirement for PCI compliance, so if you’re looking to go after bigger clients, or clients in the healthcare industry, PGP encryption is almost a requirement.
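To make the key exchange concrete, here is an added example (not part of the original post) that runs the whole round trip with the `gpg` command-line tool in throwaway keyrings. It assumes GnuPG 2.2 or later; the name, address and empty passphrase are constructed for the demo.

```shell
#!/bin/sh
# Added example: PGP round trip with GnuPG in throwaway keyrings.
# The identity and the empty passphrase are constructed demo values.

pgp_roundtrip() {
    msg=$1
    work=$(mktemp -d) || return 1
    recipient="$work/recipient"   # keyring of the person receiving mail
    sender="$work/sender"         # keyring of the person sending mail
    mkdir -m 700 "$recipient" "$sender"

    # Recipient creates a key pair. The private half never leaves this keyring.
    gpg --homedir "$recipient" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key 'Bob Example <bob@example.org>' \
        default default never 2>/dev/null || return 1

    # Only the public key is exported (this is what a key server would hold).
    gpg --homedir "$recipient" --batch --armor \
        --export bob@example.org > "$work/bob.pub.asc" 2>/dev/null
    grep -q 'BEGIN PGP PUBLIC KEY BLOCK' "$work/bob.pub.asc" || return 1
    if grep -q 'PRIVATE KEY' "$work/bob.pub.asc"; then return 1; fi

    # Sender imports the public key and encrypts; no key of their own needed.
    gpg --homedir "$sender" --batch --quiet \
        --import "$work/bob.pub.asc" 2>/dev/null || return 1
    printf '%s' "$msg" | gpg --homedir "$sender" --batch --quiet \
        --trust-model always --armor --recipient bob@example.org \
        --encrypt > "$work/mail.asc" 2>/dev/null || return 1

    # The sender cannot read it back: their keyring has no private key.
    if gpg --homedir "$sender" --batch --quiet --decrypt "$work/mail.asc" \
        >/dev/null 2>&1; then return 1; fi

    # Recipient decrypts with the private key; plaintext goes to stdout.
    gpg --homedir "$recipient" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --decrypt "$work/mail.asc" 2>/dev/null
    status=$?

    # Stop the agents and remove the throwaway keyrings.
    for d in "$recipient" "$sender"; do
        gpgconf --homedir "$d" --kill gpg-agent 2>/dev/null || true
    done
    rm -rf "$work"
    return $status
}

pgp_roundtrip 'constructed sample message'; echo
```

For a real key, set a strong passphrase instead of the empty one and confirm the recipient's key fingerprint with them before relying on `--trust-model always`.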

3.  Use a VPN service to anonymize your traffic

One of the easiest ways to be tracked online is through the IP address assigned to your modem (cable, fiber).  With a VPN service, your modem’s IP address is cloaked, making it more difficult to trace things online.  Why make it easy for them?

4.  If you own or operate a website, consider adding SSL encryption.

As Snowden pointed out, encrypting web traffic makes it tougher for spy agencies to capture your data.  This does not make it impossible, but it requires additional computing power to decrypt data.  By encrypting data that is not sensitive, you make it more difficult for the NSA to “gather everything” as they would need to spend extra money to decrypt everyone’s data.
