Every week, we hear of laptop computers holding critical information being lost of stolen. Most of us don’t deal with classified government data, but we do own and use on a daily basis devices and storage media that hold a lot of information about us. They could put your privacy at risk if it they got into the wrong hands.
Here are 10 simple golden rules to follow in order to secure your computer and your storage media. Most of those tasks are as mundane as locking your front door or you car, but by combining then you can drastically raise the walls protecting your privacy. Most of the applications mentioned in this article are open-source, cross platform, and pretty much straightforward (they do not require a PhD in Computer Science to be used).
On with the first golden rule:
This is standard procedure on most UNIX-like operating systems, but if you are using Microsoft Windows, you might want to create a restricted user account which you will log in (with password) for daily use. You will only log in as administrator when hardware or software needs to be installed. Doing so, you can already prevent most of the malicious script for accessing folders restricted to the administrator.
Most new Windows computers come with a shareware proprietary anti-virus. After the trial period expires you are invited to pay to carry on using their services. I recommend wiping out the bastard as soon as possible and installing ClamWin in its stead. Clamwin is a free Open-Source anti-virus for Microsoft Windows 98/Me/2000/XP/2003 and Vista. You can schedule disk checks, for example to match the time pattern of your computer usage or Web surfing.
This only works if you follow rule #5: copy all your bank codes, access codes, PIN codes and passwords in an encrypted database created with Keepass or Password Safe. Following rule #10, set a defcon 5 password for that database. Make at least one copy on two other storage media and double-check that the files are not corrupt and that you can open them, before deleting all of those informations from their original folders. Note: putting files in the bin is not enough, you need to permanently delete them.
Papers with critical information should be kept in a bank safe. Serious banks offer such a service for less than US$ 75.00 a year (6.25 bucks a month). When visiting your bank, the safe case can be accessed on request in less than 5 minutes. That is highly secure and extremely cheap considering the peace of mind you get.
Data backup should always be made on at least two other storage media besides your computer. Partitioned disks still count as one single media, because a disk crash often makes the whole media unaccessible. Nowadays there is plenty of affordable choice with flash cards and USB external hard disks.
There is always the option of burning a CD or a DVD once in a while but it is tedious and rather fit for monthly to yearly data backups. For more frequent backups, plugging an external storage media on a regular basis and performing an upstream data replication is the most flexible solution. I usually perform a backup right after major changes to my documents, but you should stick to a frequency of backups proportionate to the value of your data.
If your folder structure is well-ordered, Unison allows to syncronise folders by overwriting older files while leaving other files untouched. You can force folder replication upstream or downstream, which will make it delete all the files on destination that are not on the source. That way, you can create several profiles to impose upstream replication to create recoverable snapshots of your data.
If you use WiFi, make sure that it set with an access password. That password must be chosen according to rule #10.
If you are asked to log on an institutional website, go the usual way (through your browser) but never click on a link featured in the email, even if it appears to come from a trustworthy source. Email headers can easily be faked to deceive you as shown in this example. Before filling in forms online or logging to an account, always double-check that the URL you are accessing is using a secured HTTPS connection. Eyesdropper can see the information you exchange on standard HTTP connections, where data travels transparently. Of all free online email accounts, Google Mail seems to be the safest choice.
Electronic mail always leaves at least 4 traces: one on the sender’s device, one on the sender’s mail server, one on the recipient mail server and one on the recipient’s device.
If you use an online web account for email, make sure you only do so through a secure HTTPS connection, as explained in rule # 7. If you access your online account with Firefox, you can install the Freenigma add-on. Both sender and recipient need to have a Freenigma account to exchange encrypted mail that is undecipherable in the 4 traces.
If you use a mail client, make sure that your mail account allows secure connections and enable it. If you are on Microsoft Windows, favor any mail client that is not Outlook Express: most mail viruses are written for it.
If you use a chat, make sure that the data travels across a secure connection. AIM and Skype are the best options at the time of writing. Other chats such as Google Talk, ICQ, Windows Live Messenger, Windows Messenger and Yahoo! Messenger do not provide encryption.
You should always use caution when posting information about yourself on social networks. Poorly chosen passwords based on your identity or history can easily be broken out using that information. Keep it moderate and concise: once something is out on the web, it can leaves a trace for a very long time, and you may find your 15 minutes of fame bitterer than you could ever have thought. Make sure that you only write and post content that you are not going to regret posting; or that you would not mind certain people to stumble accross, like your partner, a friend, a relative, your employer or a client. The terms of service of portals such as Facebook or Picasa make of those companies the new and only owners of any information or file published through their portal.
First and foremost, you should limit your passwords to a list of 5, sorting them from simple to highly complex. The best password is a string that you can easily remember but that no one can easily guess, ideally a long succession of uppercase letters, lowercase letters, numbers and valid punctuation marks. Passwords should never contain any information about yourself, like name, address or date of birth. Check out this UNIX manuals page and this Use Wisdom page on tips for chosing passwords.
Once you have your list of 5 passwords, you should assign one to each defcon category:
- IRRELEVANT: typically this is the simplest password, you can use it for all transparent networks (HTTP)
- NORMAL: password to access secure networks (HTTPS)
- ABOVE NORMAL: password for logging with restricted privileges on your computer or accessing your mail account over a secure network
- BELOW MAXIMUM SECURITY: this is a rather complex password you want to use to log as administrator on your computer
- MAXIMUM SECURITY: this is the most complex password, which you are going to use as a master password or for encrypted files
Most of the secure connections and encryption algorithms are pretty hard to break through. Without falling into paranoia, you can follow these simple rules to better protect your privacy.