2011 Personal Security New Year’s Resolutions

Introduction

So another year has come and gone, and another list of personal resolutions starts cropping up on the Internet like remixes of the “BED INTRUDER SONG”.  This one is no different.  In a year that showed that the Stuxnet virus could potentially harm people in the real world by affecting infrastructure, and that saw DDoS attacks both allied with and against WikiLeaks emerge as a form of “hacktivism”, taking a look at resolutions for information security in your personal life should resonate.  I’ve compiled a short list of resolutions to consider for the new year to protect yourself.  The playbook for each is simple: Take Inventory and Take Action.

1. Data Protection

Take Inventory
Knowing is half the battle (or so G.I. Joe and his marketers want you to think).  Understanding what information you store on your computer and on the Internet will give you a better understanding of how to protect it.  The following categories are a guideline to follow.  You can add classifications as necessary.
Personal – Information that you would not share with anyone outside of your family or immediate social circle.  Think photographs, videos, drawings and poems.

Private – Any information that, if compromised, could reveal personal information about yourself that you do not share with anyone.  This type of information could be used in conjunction with publicly available data sources to attempt to steal your identity.

Classified – Any information that, if put in the wrong hands, could compromise your well-being.  Think financial information, social security numbers, investments and tax returns.  This is the most prized possession for an identity thief to access, since little additional information is required to steal your identity.
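
One way to take a first pass at this inventory on your own machine is sketched below. This is an added example, not part of the original post: the file extensions, the filename keywords and the rule that plain documents default to “Private” are assumed heuristics, and the sample files are constructed.

```python
import os
import re
import tempfile
# Heuristics below are assumptions for illustration, not rules from the post.
MEDIA_EXT = {".jpg", ".jpeg", ".png", ".gif", ".mov", ".mp4", ".avi"}
DOC_EXT = {".txt", ".csv", ".doc", ".docx", ".pdf", ".xls", ".xlsx"}
FINANCIAL_NAME = re.compile(r"tax|bank|invest|ssn", re.I)
SSN = re.compile(rb"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")  # NNN-NN-NNNN, standalone

def classify(path, max_bytes=1_000_000):
    name = os.path.basename(path)
    ext = os.path.splitext(name)[1].lower()
    if FINANCIAL_NAME.search(name):
        return "Classified"
    if ext in DOC_EXT:
        # Raw byte scan: catches plain-text SSNs, not compressed .docx/PDF content.
        try:
            with open(path, "rb") as fh:
                if SSN.search(fh.read(max_bytes)):
                    return "Classified"
        except OSError:
            return "Unsorted"  # unreadable or vanished file: review by hand
        return "Private"
    return "Personal" if ext in MEDIA_EXT else "Unsorted"

def inventory(root):
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            found.setdefault(classify(full), []).append(rel)
    return {cat: sorted(paths) for cat, paths in found.items()}

def demo():
    """Inventory a small constructed sample tree (all contents are made up)."""
    samples = {
        "photos/christmas.jpg": b"constructed image bytes",
        "docs/resume.doc": b"constructed resume text",
        "docs/notes.txt": b"constructed note, SSN 123-45-6789",
        "docs/2010_tax_return.pdf": b"constructed pdf bytes",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return inventory(root)
```

Call `inventory()` on your own documents folder and treat the result as a starting list to review by hand; anything it marks “Unsorted” still needs a decision.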
Take Action
Now that you understand the type of data you possess, it’s time to put countermeasures in place to protect your data.
Backup Your Data
On your personal computer, you’ll want to make sure that you don’t lose your most prized possessions – your data.  If you’re a techie and have a NAS setup or a computer with a RAID-4 configuration, then you’re all set.  However, if you’re a mere mortal, a backup service in the cloud will probably fit the bill.  Two of the most popular services are Mozy and Backblaze.  Simply install the agent, configure it and let it back up in the background.  Think “set it and forget it.”  These services cost around $5/month, but I think $60/year is worth it to make sure that you don’t lose that picture of little Jonnie at his first Christmas.

Important Note – These services offer to encrypt your data with a private key so even they will not be able to view it.  While this is great to ensure that a peeping Mozy/Backblaze employee or “the fuzz” doesn’t take a look at your data, losing the key will put you out of luck.

Encrypt Your Private and Confidential Data
Malware, spyware and viruses can compromise a computer via a website without a user even clicking a button.  This is known as “drive-by” downloading.  Once compromised, these machines could send your personal information to a malicious third party.  Think about the amount of money you were charged for phone calls to the “Psychic Friends Network.”  Now think about what the charges would have been without the “Friend” part.  You catch my drift.

In addition, losing your PC or laptop with all of your most sacred information in plain text is a recipe for disaster.  Simply booting your PC or copying your hard drive could hand over the keys to the kingdom.

Encrypting your data will reduce the risk of your data being compromised if your machine is lost/stolen or infected.  My personal favorite is TrueCrypt.  It’s free and multi-platform.  While it does require a little technical footing to work with, the tutorials should be good for most.  If you happened to shell out the extra cash for Windows 7 Ultimate, then you’re already covered with BitLocker.  Apple also has a similar product in FileVault.

Important Note – Encrypting your data requires the use of a personal key or password.  Lose the password and you lose your data.  Starting to see a theme around here?

Information Leakage
Now that you’ve shored up your personal computer, you’ll want to change focus to the Internets.  Facebook, LinkedIn or any other social network is storing information about you that you may not want to share with the world.  Make sure you do the following to protect yourself.

  1. Inventory Your “Friends” or “Connections” and remove anyone that you can’t remember in 5 seconds.  Chances are that they are not or have not been a huge influence in your life or career.
  2. Conversely, proactively deny requests using the same rule.  Having the most friends on the internet doesn’t make you more popular.  It just means you may never leave your computer.
  3. Lastly, do some recon.  Take a look at some of the pictures that others have posted on their sites of you.  They may have even “tagged” them.  Since the government and employers are more actively using Facebook to screen potential new candidates or for case litigation, trying to gain control of the “digital you” is very important.  Having a new employer see you in a lamp shade and a hula shirt doesn’t inspire the words “team oriented” or “ability to work independently”.  Should these pictures crop up, politely ask them to remove them.  While not everyone will comply, it’s worth the attempt.
Next Up – 2. Password Management