We all think of flying fists, flashing blades, crashing sticks, and muzzle flashes when we think of protecting ourselves.... But yet we STILL continue to hear of the other, usually unseen threat.
Identity Theft.
How many of you have smartphones? How many of you are reading THIS off a smartphone?
For Joe Schmo, not too terrible much they can use there unless they also get some other stuff or you're a total tool and don't clear your internet history and you pay bills from it or something... Those are ENTIRELY up to you. And it starts with good strong passwords and password management.
I can't help you much with iPhones (since I ain't got one and barely understand mine) but if you have an Android, I got you, as my cybersecurity guy hooked mine up.
As for password management... KeePass.
Basically, this app holds all your passwords and you don't have to remember them... All you need to remember is one REALLY STRONG (read: "complex") password and you're good to go. So far, I've been pleased but I must admit I haven't really been using it that long, nor do I understand it enough to got into big detail.
The apps I do understand are Orbot and Orweb.
Do any of y'all remember the BIG takedown of the online black market that ICE pulled a while ago?
The way most people on that system stayed anonymous was through an online program called Tor. Basically this gives you a whole new meaning to online anonymity. For your PC, get "Tor." For your Droid, get "Orbot" and "Orweb" to do the same thing. Orbot MUST be running for Orweb to work!
"But Kenny... I'm not a criminal. I don't use the internet to do shady things."
Do you really trust the people in the WiFi equipped shop you hang out on your laptop in to NOT be criminals? By using Tor or Orweb, you're MUCH MUCH more secure than your standard browser.
Finally... The fun part.... The crypto.
I know more than a few businesses and business owners follow us on Facebook and Google Plus.
Ever wonder how secure your business email really is?
I do.
So now, when me and my crew send emails off our Droids, we use Android Privacy Guard... which puts a variable encryption on the email. We use the stoutest one available (sorry... not putting that out there) on the program and we're pretty confident that our email communications are secure.
Without going into too much detail (remember... this is the crypto we use on internal business-sensitive emails), basically you have a secret key that's your signature and a public key.
The secret key is the signature, and only you have it, and the public key is given to all staff that need it. Say I want to send a secure email to my IT/Cyber Division head (and yes, we actually are working on a Cybersecurity Consulting Division)... I put his public key and my public key in where it asks for public keys, check the box that says "Sign" which affixes my secret key, Type out what I want in the box, click "Encrypt to Clipboard," open my email, paste it in, and send it. Decryption follows much the same process.
Best part... All the crypto we use didn't cost us not one damn cent.
So check some of the options for this out. Make sure your antivirus software is 10-8. Get you some crypto. And start making sure you cover your tracks before you log out.
Identity theft and corporate espionage are major threats to our economy... We all know this.
And it's little gaps in your overall security plan that the corporate spies and identity thieves use to start their devious tradecraft.
Tighten the gaps.... Hell, close the gaps.
Until Next Time....
Stay Safe
V/R
Kenny Smith
TFTG President