Hi All,
having watched this thread develop, I thought I would offer some basic security hints and measures for your consideration, as much as one can in a public forum. They are mixed up with a large dose of cynicism but based on industry experience. If you use just 2 or 3 of them, you are then above the average man in the street.
Some of the suggestions may appear to be a bit over the top – it depends upon your level of suspicion and paranoia and what you consider proportionate to protect you and yours.
/paranoia ON
Accept that you are the weakest link. Electronics are, up to a certain point, predictable: humans are not and can do non-predictable/impulsive things such as click on a suspect link in an e-mail without looking at the URL.
It sounds a bit obvious, but if someone 'calls from the bank', challenge them to prove it or call them back on a number that you know is valid.
Keep information about yourself to yourself. Data fusion by the likes of Google and Facebook has enormous power that has been known about for years but ignored until the latest debacle with Cambridge Analytica. If you have 'put it out there' already, 'tough', you have got to live with it as there is no way to get it back. Just hope that entropy kicks in big time.
The whole picture of electronic security measures of:
Confidentiality – keeping your stuff for you
Integrity – That is, this data is exactly what it purports to be, nothing less and nothing more and I know of any and all changes
Availability – If you lose something, even to the point of a complete machine, and it's information/data that is that valuable, you should have a back-up somewhere.
Proportionate – This is often not included, but basically ask yourself if you are really a target for a 'state actor' to electronically attack you, or a high-worth individual that flashes it about. Just don't make yourself a susceptible target – you are the weakest link.
Think of electronic (and in some ways physical) security like layers of an onion with the most secure zone being at the core. Each layer should have defences that are different to all the others. The basic principle here is one of defence in depth.
Any portable device should be considered as totally sacrificial, both physically and electronically including all information on it.
Any device that uses wireless should be considered sacrificial.
Networks: If you use the Internet at home, your ISP will usually provide you with a router that has some form of primitive security features. This is your outer layer. This is also where you should locate your wireless networking (nowhere else) and some wired devices if necessary. You can use DHCP here or fixed IPs, and also your household devices such as smart TVs or the like. No valuable data; maybe use a shared server for music.
Behind this you should run a separate zone that holds data and information that is more valuable. This zone should be wired connections only, i.e. no wireless. All IP addresses are fixed – no DHCP. Between these two layers run a firewall that allows you to create rules to allow only specific devices to perform wanted actions. This firewall should act as a proxy server and run an anti-virus on all traffic going through it. If stuff is that valuable, keep it away from the nasty Internet and back it up.
Devices on the inner zone should run at least 2 anti-virus programmes – Microsoft do a reasonable free one that will run concurrently with commercial ones. One AV should look at signatures and the other look at behaviours. These should not be the same as the AV running on the outer/inner firewall.
If I haven’t mentioned it – back your valuable data up, proportionate to its value.
With the current attack vogue for banking fraud, set up 4 bank accounts, 2 checking and 2 savings. Designate one checking for Outgoing and one for Incoming. Tear up the cheque book to the Incoming account. Keep the balance of both checking accounts at a minimum value with other funds in the savings accounts and don’t share any details of the savings accounts with anyone, including your partner.
On-line banking is fairly secure and a good bank will use transitory 2-factor authentication to access it. Use online banking to move your funds around the above accounts. Access it from within the Inner zone, not on a mobile or wireless device.
I don't care what banks say: mobile banking (i.e. on your mobile phone) is there for their advantage, not yours, otherwise they would not do it. If it is compromised, they have made a calculation that allows them to write it off. You may say that it therefore costs you nothing, but it does. I have spoken to people who have been hacked this way and the repercussions are longer term than you may think. One woman, cleared out of her savings, likened it to being burgled.
Be careful with debit cards: they have details on them that make them open to banking fraud if stolen. Get an electronic purse card (mine was from Thompson and was free) that uses your own native currency and that you can top up when necessary. They are anonymous, limit your liability to what is on them in real time and have no overdraft facility. You can also take cash out of an ATM using them with no charge – in the UK, that is.
Credit cards: get an extra one – they are quite easy to get nowadays – and lock it away somewhere, in a safe if you have one. That way, when your wallet gets stolen you can activate it immediately and buy the necessities of life while replacements are in the post. Test it once a year to make sure it is still valid. If you have several credit cards, make sure that they use different networks – Mastercard, Visa, etc.
Get yourself a cross-cut shredder and shred anything with personal details on it, including the envelopes. Again, what is proportionate here? Do you think that anyone is going to try and tape your 2x4 mm shreds together? Mix it all up in a large box and put it in the recycling at your local tip.
Keep credit card shopping receipts and shred them. The receipt that has your card number as a line of asterisks “ending in 1234” is not foolproof.
/paranoia OFF
Hopefully the above should provide some food for thought.
Happy browsing
Mike
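Not part of Mike's post: an added example of the two-zone layout he describes (outer zone carrying the wireless and household gadgets, inner wired zone with fixed addresses, a firewall between them that only lets named devices do named things), written as an nftables ruleset for a Linux box sitting between the two zones. The interface names, address ranges, music server address, proxy port and client addresses are all assumptions chosen for the example.

```nft
#!/usr/sbin/nft -f
# Constructed example, not from the post: the two-zone home network it describes.
# Assumed names: outer zone on eth1 (192.168.1.0/24: ISP router, Wi-Fi, smart TVs),
# inner zone on eth2 (10.0.0.0/24, wired, fixed addresses), and this Linux box
# sitting between them as the AV-scanning proxy at 10.0.0.1.
flush ruleset

define OUTER_IF = "eth1"
define INNER_IF = "eth2"
define INNER_NET = 10.0.0.0/24
define MUSIC_SERVER = 192.168.1.50   # shared music box in the outer zone (assumed)
define PROXY_PORT = 3128             # proxy listening on this firewall (assumed)

table inet zones {
    # Inner machines allowed to use the proxy: fixed addresses only, no DHCP.
    set proxy_clients {
        type ipv4_addr
        elements = { 10.0.0.10, 10.0.0.11 }
    }

    chain input {
        type filter hook input priority 0; policy drop;
        iif lo accept
        ct state established,related accept
        ct state invalid drop
        # Nobody on the inner zone hands out or requests DHCP leases.
        iifname $INNER_IF udp dport { 67, 68 } drop
        # Only listed inner machines may reach the proxy; nothing from the outer
        # zone may open a connection to this box at all (policy drop).
        iifname $INNER_IF ip saddr @proxy_clients tcp dport $PROXY_PORT accept
        iifname $INNER_IF ip saddr $INNER_NET icmp type echo-request accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        # Wi-Fi, TVs and the router never open a connection inwards; log attempts.
        iifname $OUTER_IF oifname $INNER_IF log prefix "outer-to-inner: " drop
        # One explicit inner -> outer rule: the workstation may stream from the music server.
        iifname $INNER_IF oifname $OUTER_IF ip saddr 10.0.0.10 ip daddr $MUSIC_SERVER tcp dport 8000 accept
        # Anything else the inner zone sends outward is dropped: Internet access only via the proxy.
        iifname $INNER_IF oifname $OUTER_IF log prefix "inner-direct-out: " drop
    }
}
```

Load it with `nft -f` on the firewall box and watch the two `log prefix` lines in the kernel log: any hit on them is a device trying to cross a zone boundary it was not given a rule for.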