Encryption has always sounded like a James
Bond technology – and it turns out, thanks to the recent NSA and GCHQ
scandals, that Commander Bond – or at least his real-world equivalent –
may well have been decrypting our emails for years.
But “ordinary” PC users can feel intimidated by it – for
years, it’s been something that IT staff handled – and it’s also been
highly complex to use, requiring Zen computer skills on Windows, or
enterprise-level software.
Even IT people often worried about encryption in the past,
says ESET Senior Research Fellow David Harley: “When I did user support,
I was paranoid about ensuring that people didn’t encrypt until
they’d sorted out their backup/recovery mechanisms. Sometimes the IT
team can’t fix your lost passwords.”
But as more and more of us carry valuable information on
handheld devices such as smartphones, encryption is something even
‘normal’ computer users can use – and should consider.
It’s now easy to do on devices such as Android phones and
tablets – and offers peace of mind if you DO have to carry one very
valuable piece of information on a handheld – although do bear in mind
that the risk of physical theft is always present.
ESET’s Harley says that, for ordinary users, the concern is
NOT governments – it’s criminals: “The recent concerns about government
surveillance have started people thinking about protecting their data
who never gave it a thought before, which isn’t a bad thing, but the
main danger to the average individual isn’t surveillance by governments,
but intrusion by out-and-out criminals.”
Don’t fear “crypto” – it’s easy to do, and often built into your device
Sadly, few of us live lives so exciting that our boss will
hand over a disc, saying, “Guard this with your life”. But most of us
have files we want to keep safe. Encryption used to be a ‘pro’ IT skill –
requiring enterprise-level software. Now Windows 8 has a pretty good
system built in. Right click a file, click advanced, then Encrypt. Back
up your certificate for the file (otherwise you’re locked out), then
double-lock by encrypting the disk – now standard in Windows 8. That
should baffle all but the most determined cyber-crooks.
Don’t worry about spies, unless you, too, are a spy
ESET’s Harley says, “Governments and law-enforcement
agencies are actually going to see the use of encryption as an
indication of ‘something to hide’ and possibly deserving a closer look.
“On the other hand, paraphrasing Bruce Schneier, if a
well-resourced intelligence agency or LEA wants to know your secrets
‘they’re in’, and some much-hyped encryption programs will offer very
little resistance. Selecting the right security software of this sort
and properly installing and maintaining it is not easy. If you want to
do it properly – and safely! – it needs time and care.”
If you want to keep something safe, don’t leave it on your PC
Cybercrime relies on your valuables – whether they be
confidential files, banking details or Bitcoin wallets – being within
reach. If you disconnect from the internet, you are safe. Anything on
your PC is at risk – even if that risk is minute, and you ‘play by the
rules’ security-wise. If you’re connected, there is a risk, however
small. To stay truly safe, keep data offline – an encrypted USB stick
works well. Put that stick in a deposit box, and you’re even safer. A
detailed guide by ESET experts to backing up data can be found here.
Use good passwords, and if possible, lock those away too
Even IT experts use bad passwords some days – if you’re
browsing a site you know you’ll never visit again, say. For precious
data, though, use a unique password – a complex one that cracker
software will find indigestible, although even that will only buy you
time if the password IS stolen. Better still, use a secure
password-generator like LastPass. That, combined with an encrypted disk,
will make most cyber criminals give up in disgust.
Remember that Inboxes and Outboxes have long memories
When the New York Times front page was defaced by hackers
this year, the password came from an email outbox. If you value
something, or if it’s highly confidential, you should take extra
precautions before emailing – it could just as easily sit in the
recipient’s inbox, and be stolen from there. If it’s a confidential work
file, ask advice from an expert – you could, for instance, email the
file in encrypted form, and then send the decryption key by a different
communication channel. If it’s really important, encrypt it, and deliver
it physically.
Keep your PC clean
Most of us have a lot of precious digital possessions these
days – so it’s not always practical to keep them on a removable hard
drive with military encryption built in (cool though those things are).
The most important rule is, as always, update Windows, your browser,
Java and so on – and invest in good AV, like ESET Smart Security 7 –
this lessens the risk from spyware, keyloggers and other tools used by
cyber-thieves.
Getting into this? Consider encryption software
If you’re frequently dealing with confidential documents,
there are many software packages built to encrypt files – although many
are still not particularly user-friendly, and that can be nerve-wracking
when you are dealing with software where one password problem can mean
your data is gone forever. Most are functional, though, and offer solid
levels of protection – but it’s a matter of taste, and of your own level
of computing skills, which you choose. Try out packages such as PGP,
its open-source equivalents, or software such as Bitlocker. Try some –
ideally with ‘test’ files first – and see which one suits you.
Don’t trust companies you work with
In business, cybercriminals will target the weakest link –
which means you can live a life of cast-iron security, and they STILL
steal your data. Professional services companies such as accountants and
lawyers are often targeted as a ‘way in’ to financial companies – as
are third-party bank card suppliers. If possible, don’t share. Keep it
in your office, under digital lock and key. ESET’s Harley says,
“Encryption solutions are often compromised because people forget to
give the same attention to other factors such as using safe[r]
transaction protocols, good anti-malware protection to reduce the risk
from subversive malware such as keyloggers, keeping confidential data
well inside a protected network and away from unsafe services. It may
not matter how good your security software is if your data is shared
with companies and sites who don’t maintain the same standards.”