Security for those who know they can't win the security war
Because nothing beats jail time. Or a spanner
Beware the G-men
The second issue is that, as some have found, cloud backup services promise to protect a user and their data but tend to wither when accosted by the G-men. Why bother with the expense and complexity of hacking or stealing a user’s laptop if there is a backup copy in the cloud?
To counter both scenarios I have a backup routine that isn’t particularly complex, but it works for my needs. Firstly, I use SpiderOak for continuous backup of daily work stuff. I control the crypto passphrases; a key tenet of SpiderOak’s philosophy is that they can neither recover or reset your password nor read your files.
This still isn’t enough for me. All that SpiderOak get is a Truecrypt file. This means that should they have to hand over my files (or they are stolen) the perpetrator has to get through two layers of strong encryption. It means that even if SpiderOak doesn’t live up to its promises I have Truecrypt to fall back on.
Next, I have an offline weekly backup. I have a regular routine to back up my data to removable hard drives. The external hard drives are also heavily encrypted with Truecrypt, so someone feeling the need to look at my drives won’t get very far. All this means I have several generations of backup, both online and offline, so I am pretty well insulated against provider data loss, ransomware or just third-party incompetence.
In these modern times everyone needs to be careful with passwords. Re-use of passwords can cause a world of hurt. All too often we see that some e-commerce vendor has been compromised. If you re-used the same password, it’s going to be an issue you have to sort out real quick.
“Auto saving” of passwords is also a big mistake. Turning it off may well be unpopular, but it means that critical passwords aren’t stored on the local device. Password re-use is a potential issue, but preventing saved passwords helps ensure security.
In light of the LastPass hack I advocate using tools such as PassEto, which, rather than recording information, uses a strong but simply implemented crypto system and a unique password for each site.
Other passwords I do keep in an Excel spreadsheet. That may sound bad, but it is placed in an encrypted Truecrypt container that is mounted only when needed and then unmounted again.
Lead Separate Lives
The browser is a user’s route into the internet. It is also the route scumware takes to infect PCs and networks. I tend to have one browser for known, trusted, work-related sites (although this isn’t infallible by any means, given that high-profile sites can be hit by drive-by infections).
I have a virtualised Windows 7 machine that I can roll back once I have finished browsing anything other than the sites I trust explicitly.
Without revisiting what has been said many times previously, disabling Java and avoiding plugins, along with sensible defaults, go a long way towards preventing browser-related infection. It should go without saying that the browser and OS should be kept up to date with security patches.
Being a bit of a paranoid type I also have two machines. One for business and another for personal use. At the end of the day, it’s about keeping work and home separate. The last thing you want is for your business files to be pilfered or your contacts harvested because you fancied a bit of something interesting and visited the wrong site.
These are just the steps I take to prevent any damaging data loss incidents or compromise.
Some aspects of security are beyond our control, while the strength of what you can deploy is governed by (almost literally) the law. In this piece I’ve also skirted over the obvious, like not downloading random .exes or crack files, and making educated use of firewalls and antivirus software.
Also, bear in mind that there is a limit to the number of steps a user or an admin can take before the measures become exceptionally disruptive, expensive or both.
The bottom line? The measures you take should mirror the sensitivity of the files you want to protect. ®