Here’s a little guide that I hope can help. The advice here is not intended for ‘activists’ or ‘hacktivists’ or hackers who already know these things, and who have advanced needs and knowledge. It’s for every technical or non-technical one.
Lets clear with Security Triad
A simple but widely-applicable security model is the CIA triad; standing for Confidentiality, Integrity, and Availability; three key principles which should be guaranteed in any kind of secure system. This principle is applicable to the whole subject of Security Analysis, from access to a user’s internet history to security of encrypted data across the internet.
“Not many Internet users know this, but regular software updates can block as many as 85% of all targeted attacks on your software”
(According to the US Computer Readiness Emergency Team)
– Setting travel notices on your credit cards
– Do all your computer, app, and phone updates
– Back up your phone and laptop; use FileVault if you’re on a Mac
– Empty all the trash
– Remove from your devices any files that are non-essential or sensitive
– Disconnect auto-posting on any apps you’ll be using, and remove non-essential connected services (like if you have Disqus approved to use your Twitter account, etc.)
There are things you may normally do in your everyday life with your Mobile, Computer or Laptops. Things you should assume are compromised include Wi-Fi and phone networks (spoofed cell towers), and things like charging stations. High-risk behaviors include:
– Using Wi-Fi or wired (Ethernet) connections without a VPN
– Using Bluetooth
– Using phone/data (tethered) connections without a VPN
– Accessing websites that don’t use https
– Leaving your device or computer “always on” Wi-Fi or Bluetooth
OTHER HIGH-RISK BEHAVIORS TO AVOID IN THE PERIMETER
– Logging in on services, i.e. where you might type your password
– Accessing banking or credit card services, billing services, or things where sensitive data is accessed
– Calling services where you need to provide identity codes, security question answers, or your social security number; like credit cards, your bank, etc.
What you’re at risk for is being hacked, which means a lot of different things. This means being spied on in your communications or through your camera, having your logins and passwords fall into malicious hands, ending up with malware on your phone, having your address books copied and stolen, and more. If you get hacked, you’ll need to change all your passwords, and you may need to get a new phone, tablet or laptop. The hassles and harm can be more and worse, of course, depending on your situation.
You can mitigate risk with a little conventional hacker wisdom:
– In general, your risk is higher with Android – but your risk is not zero with Apple/iOS.
– Unless you already use it, don’t bother with Tor
– Always use a VPN (TunnelBear for iOS, Perfect Privacy; see Torrent for more recommendations)
– Consider using encrypted communication apps like WhatsApp and Signal
– Shut your phone off when you’re not using it
– Keep Wi-Fi and Bluetooth turned off on your laptop when not needed
– Cover your cameras with stickers, post-its, or tape
– Always pretend someone is looking over your shoulder and ogling your screen; you’ll behave in safer ways
– If you know how to, encrypt external hard drives / USB sticks so they require a password
– If you use an Apple computer, use FileVault to encrypt your Mac (Yosemite does this by default)
– Always require your phone, laptop, tablet (etc) to have a password
– Turn off your electronics when they’re not in use
– Use a password manager app (1password), and use it to a) eliminate duplicate passwords, and b) create crazily complicated passwords. These are also good for foiling “shoulder surfing”
– Double check all links for accuracy before you click them; if they look weird or have a typo, don’t click
IN ADDITION, DO NOT EVER:
– Click on strange links or links from unexpected prompts (even if it’s a log-in page that looks legit)
– Open or respond to fishy, unexpected or unusual emails
– Open or download attachments even from trusted sources unless you’re expecting them
– Download anything from text messages or click links in texts (unless expected)
– Assume the “Google Free Wi-Fi” you see in a list of available networks is actually Google’s Wi-Fi
– Use a cord, battery or charging station that isn’t yours
– Log into anything on someone else’s phone or computer
– Plug a USB stick into your computer that isn’t yours
– Leave your phone, tablet or laptop out of your sight; it’s a hassle, but I carry mine everywhere I go when I’m on site.
BE SMART & CREATIVE IN CYBER WORLD