May 21, 2015
The INconvenience of INfosec in the Digital Age
I often get requests from civic groups, consumer groups and
the media to speak about information security (infosec) practices, trends,
etc. Although infosec is not our primary
role at Pro Digital, it does seem as if there is a vacuum of individuals
willing to tell folks what they should do with regard to protecting their data,
even if it is just the simple things.
What I constantly try to drive home is the notion of personal responsibility with regard to
your information security. YOU are responsible for the strength of
your passwords and how often you change them.
YOU are responsible for the
data you put out on social media. YOU are responsible for making sure
your mobile device isn’t left unattended in a public place. YOU
are responsible for not leaving your desktop up and accessible when not at your
desk. All of these concepts (and more)
really drive the point home that infosec is everyone’s responsibility.
Being a former cop and investigator, I know there are evil
people in the world. There are just plain bad people who, if they worked as hard at a REAL job as they do at trying to exploit innocent, hard-working people, might actually be successful in life. Sadly, this is not reality. It's because of this that I
generally keep my head on a swivel, both proverbially and physically. Even in my own home, I generally lock my
desktop when I walk out of my office. I
have decent security on my smart phone and tablet. At Pro Digital, we also make it part of our mission statement to secure our clients' data.
We take all of these measures because 1) it’s vitally important to
maintaining confidentiality and 2) someone else would love to get ahold of this
data and exploit it. But is it
inconvenient? You bet!
Unfortunately, human nature is often to take the path of
least resistance, which is in direct conflict to good personal information
security practices. It’s a pain in the
butt to change your password every 60 days.
Encrypting your data takes time and can even slow down the speed of
access of your data. It’s hard to keep
track of multiple passwords, especially if you take the recommended precaution
of using non-dictionary-based words, numbers and symbols. Multi-factor authentication, which adds a security question, a code sent to your phone or a fingerprint on top of the password, makes logging on a longer, more tedious process. Mix all of these factors together and the
fact is most people won’t do it (if
they have a choice). But as this chart
illustrates, there’s a huge reason why you should
do it:
Thanks to the recent Sony hack, everyone thinks our
cyber-enemies are in foreign countries.
The fact of the matter is, we have plenty of cybercrime happening right
here at home. And it’s up to YOU to protect yourself. The government won’t do it, your bank won’t
do it, your company won’t do it. Sure,
they’ll put some measures in place to push you along to decent infosec
practices, but when it’s all said and done, it’s up to you to make sure
all of your passwords aren’t the same.
It’s up to you to put those optional security measures on your
mobile device in place. Here’s another
reason:
What’s more important than your money? You work hard for it, you save, you invest,
you make savvy purchases. Good infosec
practices take less time than clipping coupons and will save you much more
money in the long run. Make sure you
always know where your mobile device is.
Make sure it’s locked-down and, if it’s lost or stolen, you can wipe the
data remotely. Even though you may want to, don't use the "quick log-on" option that swaps your full password for a short PIN or a single tap. A four-digit PIN has only 10,000 possible values, so that shortcut only increases the likelihood that someone who picks up your phone will guess their way into your account(s).
We all love convenience and indeed, convenience is one big
reason why we all love our mobile devices.
But what’s more inconvenient than having your identity stolen or your
credit score destroyed by someone opening accounts in your name because you
didn’t protect your personal information well enough? I sometimes use clichés in this blog and this
is another one of those times: An ounce of prevention is worth a pound of cure!
So what else should you do?
Take the time to come up with new passwords, and change them periodically, at least several times a year (perhaps when you change the batteries in your smoke detector) and immediately whenever a site you use announces a breach. Don't ever, EVER use the same password for all of your accounts: one leaked password list then opens every one of them. Embrace and use multi-factor authentication because it will protect you even when a password does leak. Don't use common words or words that can be found in a dictionary for your passwords, and make sure you mix up symbols, numbers and letters. Need an example? Let's say your favorite color is purple and your mother's birthday is September 25. Instead of making your password Purple0925, try Purp13#0925. Sometimes, it's just that simple, with one caveat: swapping 1 for l and 3 for e is among the first tricks a password-cracking tool tries, and a relative's birthday is something an attacker can look up, so treat a password like this as the floor, not the ceiling. Length beats cleverness: four or five unrelated words strung together are far harder to guess, and a password manager will remember a different one for every site so you don't have to.
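To see why that caveat matters, here is an added example (not from the original post, and not a tool the author uses) that takes the cracker's point of view: a constructed wordlist of favorite colors, the leet substitutions an attacker expects, a handful of separators and every MMDD date, and a count of how many guesses it takes to reach Purple0925 and Purp13#0925. The wordlist, the substitution table and the separators are assumptions chosen for illustration; real tools such as hashcat and John the Ripper apply far larger rule sets to far larger wordlists.

```python
"""Cracker's-eye view of a "clever" password: word + leet swaps + a date.

Added illustration, not code from the original post. The wordlist,
substitution table and separators below are constructed assumptions;
real cracking tools use far bigger lists and rule sets.
"""
import itertools
from datetime import date, timedelta

# Letters a cracker expects people to swap, and what they swap them for.
# The original letter is always kept as one of the choices (see below).
LEET = {"a": "4@", "e": "3", "i": "1!", "l": "1", "o": "0", "s": "$5", "t": "7"}

# Constructed wordlist: a short, thematic list is exactly where a
# targeted guessing attack starts.
COLORS = ["red", "orange", "yellow", "green", "blue", "purple", "pink",
          "black", "white", "brown", "grey", "gray", "teal", "violet"]

# Characters people put between the word and the number.
SEPARATORS = ["", "#", "!", "_", "-"]


def leet_variants(word):
    """Yield every leet-substitution variant of `word`, each in lowercase
    and with a capitalized first letter (the two casings people use).
    A variant that starts with a digit is yielded twice; that is harmless
    here and keeps the guess count easy to reason about."""
    choices = [c + LEET.get(c, "") for c in word.lower()]
    for combo in itertools.product(*choices):
        variant = "".join(combo)
        yield variant
        yield variant[0].upper() + variant[1:]


def mmdd_suffixes():
    """Every MMDD string in a leap year: all 366 dates someone could append."""
    day = date(2000, 1, 1)
    while day.year == 2000:
        yield day.strftime("%m%d")
        day += timedelta(days=1)


def candidates(words):
    """The full guess space: each variant alone, then variant+separator+date."""
    dates = list(mmdd_suffixes())
    for word in words:
        for variant in leet_variants(word):
            yield variant
            for sep in SEPARATORS:
                for d in dates:
                    yield f"{variant}{sep}{d}"


def guesses_until(target, words=COLORS):
    """Number of guesses made before `target` falls, or None if the rules miss it."""
    for n, guess in enumerate(candidates(words), start=1):
        if guess == target:
            return n
    return None


def total_guesses(words=COLORS):
    """Size of the whole guess space for `words` (duplicates included)."""
    return sum(1 for _ in candidates(words))


if __name__ == "__main__":
    print("guess space:", total_guesses())
    for pw in ["Purple0925", "Purp13#0925", "gravel-thermos-canyon-bicycle"]:
        print(f"{pw!r}: {guesses_until(pw)}")
```

Both of the passwords above fall inside a guess space of about half a million candidates, which a single GPU exhausts in a fraction of a second against a fast, unsalted hash such as MD5 or SHA-1, while the four-word passphrase is never produced by these rules at all. The substitution is part of the pattern the attacker already knows, so it adds almost nothing; the number of words and their independence from anything knowable about you is what adds cost.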
Free wi-fi is great and it's everywhere. Unfortunately, you should never use open wireless networks like those found in coffee shops, restaurants and hotels. Yes, I know this means you'll be using up more of your cellular data on your mobile device, but trust me, open networks are fodder for hackers and quite easy to compromise: anyone on the same network can read traffic that isn't encrypted, and anyone with a laptop can stand up a look-alike hotspot with the same name. Think of how a packed Starbucks or a crowded hotel is a target-rich environment for someone who knows what they're doing. If you truly have no choice, stick to sites that show https in the address bar and save the banking for later. At home, make sure your wireless network is secured with WPA2 (never WEP, and never left open) and a passphrase built the way described above. Hiding your network name (turning off SSID broadcast) adds a small hurdle, but it is not a security control: free tools reveal hidden network names in seconds, so the passphrase is what actually keeps strangers out. If someone sitting outside your home can join your network, in theory they can reach every single device connected to it, including mobile devices, laptops, desktops and gaming systems.
When making purchases online, use a credit card with ID theft protection rather than a debit card tied directly to your bank balance. Don't make purchases from websites based in countries that may have opposing interests with the US or western ideologies. Every major browser shows a padlock icon and an address beginning with https when the connection to the site is encrypted, so look for it in the address bar before you input and send your credit card information. Bear in mind that the padlock means the connection is encrypted, not that the merchant is honest: it stops eavesdroppers, not crooks who run their own site. On mobile devices, only make purchases through verified, trusted apps. This is generally less of a problem on Apple devices than on Android devices because Apple vets all of the apps on the App Store and holds developers to a standard. Android also lets you install apps from outside Google Play, from third-party stores or straight from a download ("sideloading"), where virtually anyone can post anything, so leave that option turned off and install only from the Play store.
Good infosec is everyone’s responsibility, but first and
foremost, it’s yours. Larger
companies and banks have armies of data security experts on their side to help
you, but even they sometimes get beat.
And no one wants to be a victim, so let’s all agree to do whatever we
can do to prevent it, right here and now.
The encroachment of digital devices into every aspect of our lives is only going to increase. Make the decision now to be a responsible user of the technology.
Author: Patrick J. Siewert, SCERS, BCERT, LCE
Principal Consultant
Professional Digital Forensic Consulting, LLC
Based in Richmond, Virginia
Available Globally
About the Author:
Patrick Siewert is the Principal
Consultant of Pro Digital Forensic Consulting, based in Richmond,
Virginia. In 15 years of law
enforcement, he investigated hundreds of high-tech crimes, incorporating
digital forensics into the investigations, and was responsible for
investigating some of the highest jury and plea bargain child exploitation
cases in Virginia court history. A
graduate of both SCERS and BCERT (among others), Siewert continues to hone his
digital forensic expertise in the private sector while growing his consulting
business marketed toward litigators, professional investigators and
corporations.
Twitter: @ProDigital4n6