This is the third in a series of articles by Don Gardner, Clearwater County Emergency Management Coordinator, about protecting your digital identity.
This week I will discuss more advanced steps for protecting your digital identity. These are Level 2 steps.
Your email is basically not secure. Regular email has no more security than a postcard in the mail. Regular email can be easily “sniffed” from any PC in a network, ISP, etc.
There are many ways to safeguard your email. We won’t go into great detail, but I will give you some ideas you can research and then choose which system will work for you:
Create a strong email password. Never use simple or easy to guess passwords.
Do not click on email links or open attachments.
Phishing emails that contain links or attachments can lead to malware that can subvert your computer’s defenses or trick you into giving up your password. You can be targeted by phishing emails personally crafted to appear to be from people or businesses you know, so be very careful. Don’t open attachments or click links unless you’re expecting them. Never give out your password to anyone or download any software you are unfamiliar with and don’t use on a regular basis.
Scan all email attachments before downloading and opening them. This includes unexpected email attachments from people you know. Viruses and spyware easily spread through email attachments by emailing themselves to email addresses listed in contact lists and address books.
When downloading files and pictures, beware of hidden file extensions. Windows, by default, hides the last extension of a file name, so that an innocuous-looking picture file, such as “susie.jpg,” might really be “susie.jpg.exe,” an executable Trojan or other malicious software. To avoid being tricked, unhide those pesky extensions so you can see them.
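For readers who save many attachments, the hidden-extension check above can be automated. The following Python sketch is an added example, not part of the original article; the extension lists and sample file names are constructed for illustration, and it assumes every extension is a "known type" that Windows would hide.

```python
import os

# Constructed, non-exhaustive lists for illustration.
# Extensions Windows will run as a program or script:
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".js", ".msi"}
# Extensions most people expect to be a harmless picture or document:
HARMLESS_LOOKING_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx", ".txt"}


def displayed_name(filename):
    """Name shown when Windows hides the last extension (assumes a known type)."""
    stem, ext = os.path.splitext(filename)
    return stem if ext else filename


def is_disguised(filename):
    """True if the real (last) extension is executable while the name the
    user would see still ends in a harmless-looking extension."""
    name = filename.strip().lower()          # extensions are case-insensitive on Windows
    stem, real_ext = os.path.splitext(name)  # "susie.jpg.exe" -> ("susie.jpg", ".exe")
    if real_ext not in EXECUTABLE_EXTS:
        return False
    _, shown_ext = os.path.splitext(stem)    # what the user thinks the type is
    return shown_ext in HARMLESS_LOOKING_EXTS


def flag_attachments(filenames):
    """Return (real name, name Windows would display) for each disguised file."""
    return [(f, displayed_name(f)) for f in filenames if is_disguised(f)]


# Constructed sample attachment names.
SAMPLE = ["susie.jpg", "susie.jpg.exe", "setup.exe", "Invoice.PDF.scr", "notes.tar.gz"]

if __name__ == "__main__":
    for real, shown in flag_attachments(SAMPLE):
        print(f"WARNING: shown as {shown!r} but is really {real!r}")
```

A plain "setup.exe" is not flagged because it does not pretend to be anything else; the check targets only names whose visible part looks like a picture or document.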
Connect to the internet over secure internet connections. Avoid public open wireless connections.
If you need to email several people, consider using Blind Carbon Copy (BCC) to send to multiple recipients. You can help prevent the spread of known good email addresses by not giving other parties access to your contacts list.
Separate your email accounts. Keep several active email accounts open that you use for different purposes. This can include one or more personal email accounts that you use to email friends and family, a business email account, and some throwaway accounts that won't cause a problem for you if they get hacked or suspended.
You may want to give your throwaway email address to those within your friends and family circle who like to send email forwards, hoaxes, and always seem to be the ones who need help removing the latest spyware from their computer.
Use encrypted, secure email. Some examples are:
PGP (Pretty Good Privacy). This type of software is used for both decryption and encryption of email messages. It also includes the ability to use digital signatures as a form of password protecting the content in an email.
S/MIME is another form of email encryption software. This form uses a certification key to encrypt the message. A private key is used by the receiving system to decipher the message. It is based on a combination of both MIME and public key cryptography standards (PKCS).
Online web-based email accounts can provide some security. Hushmail is perhaps the best-known. It’s available for free, at least for some basic features, which is pretty nice. https://www.hushmail.com/
Countermail is a paid service which keeps its servers in Sweden. It uses OpenPGP, but also has advanced options like a hardware USB key, so nobody can even start the email process without inserting a USB drive into the computer. https://countermail.com/
NeoMailbox is based in Switzerland, and is a traditional paid service like Countermail. It uses OpenPGP encryption, but also has some nice features, like the option to choose your own domain or use an unlimited amount of disposable email addresses. It also might be the easiest to use; it plugs into lots of existing mail services like Thunderbird, Outlook, and even has an Android app. http://www.neomailbox.com/
Enable two-step authentication. More and more online services are beginning to offer two-step authentication, which adds an extra layer of security to the log-in process. This includes apps such as Twitter, Facebook, and Dropbox. Today, however, I will discuss Google, since many of us are forced to use its services on a daily basis.
By adding the two-step verification process to your Google account, every time you log in, a verification code is sent to your phone, which you must input in addition to your username and password. This means that even if your password is stolen or cracked, an attacker cannot log into your account without your verification code. If you have a regular Gmail address, you can enable this feature yourself.
Encrypt your hard drive. If you lose your laptop, whoever ends up with your computer can access all your files even without knowing your log-in password. If your computer leaves your control (at a border crossing, for example), having your hard drive encrypted, and turning your computer off will keep the data inaccessible until you turn it on and enter the password.
FileVault on Macintosh and TrueCrypt on Windows are the usual recommended ways to encrypt stored data.
Update your browser. Considering the amount of time you spend surfing the web, this might be one of the most important things you do to improve your digital hygiene. Online criminals take advantage of security holes in browsers to infect your computer with a plethora of malicious code.
As browser developers discover these threats, they provide fixes via updates. Browsing the Web without an updated browser is like fishing with sharks without the proper gear — it’s extremely dangerous and leaves you open to a variety of attacks.
Be wary of free WiFi, because it also means that someone controls that network and can access your computer and smart phone. There are also programs that will allow anyone to see what you are doing on that WiFi system and can even look into your files. Use your cellular 3G or 4G network hotspot, not the free WiFi in airports, hotels, and coffee shops, if possible.
Mobile phones also serve as a type of individual locator, thanks to phone tracking - a method which determines your location by triangulating your position from mobile phone towers and wireless hotspots. To make matters worse, apps and games installed on your phone can reveal your location publicly or record your movement; at times without even asking if you want this information shared. The best solution is to disable your location settings on your mobile phone.
Next week I will describe more Level 2 tips on protecting your digital identity.