From Zero to Secure in Five Simple Steps
By Mike Elgan | Posted 08-04-2015
Major hack attacks have become a banality. Multiple branches of the federal government, as well as contractors with sensitive government data, have recently been compromised by hackers. These include the U.S. Census Bureau, the Office of Personnel Management, the Pentagon and the Army National Guard. Even the president's own email was targeted and compromised.
Hacking victims in the past few weeks have included United Airlines, Planned Parenthood, Ashley Madison, New York Magazine, UCLA Health System and Harvard University. Even cars, rifles and safes are getting hacked.
A whopping 95 percent of all Android users have been found vulnerable to a hack called the Stagefright vulnerability. All it takes is a single SMS and the hacker can take over the microphone to listen in, or download and steal personal data right off the phone.
Air-gapped computers (systems not even connected to a network) are vulnerable to hacking.
And Sony Pictures Entertainment? Please. It was a corporate hack so devastating that it has its own Wikipedia page.
Even the world's best cyber-security firm, Kaspersky Lab, got hacked.
You think your personal and professional data is safe? Think again.
It's time to redouble your efforts (and budgets) around security for your organization. It's imperative to challenge every assumption your company has been making around security.
Additionally, you've also got to look out for yourself. You're smart and successful, but if the Pentagon and Kaspersky Lab can be hacked, so can you.
There is no better time to take action to protect yourself than this very moment. The good news is that it's quick and easy. It's just a matter of making a few very smart decisions.
How to Get Secure, Right Now
The biggest myth in security is: You need a lot of specialized knowledge, resources and equipment to keep your data safe.
I'm here to tell you that for your own personal data, that's not true. (For companies, businesses and enterprises, it is true, so get busy on that separately.)
Without any special knowledge about security, you can keep your personal data safe by doing five simple things.
Here are the five easy steps to secure your stuff.
1. Buy a Secure Phone
If you were to tell people 40 years ago that in the year 2015 everyone would voluntarily carry a tracking device, where any number of companies, government agencies, criminals and spies might be monitoring your location; where all your personal financial information was accessible to criminals; where your communication could be easily intercepted and your private photos copied, they would have said you're crazy. But that's what smartphones can do.
Security products that scan for malware, encrypt data and communications, and do other security-related tasks abound. But that can be time-consuming, mind-boggling, expensive and risky. It's much easier to just buy a turn-key, consumer-friendly secure phone, a new category of phone that has existed only for a year.
The leader in this category is the Blackphone 2 from a company called Silent Circle. It ships next month for $649 unlocked.
You use the Blackphone 2 much like any ordinary Android phone. In fact, it runs a super-secure custom version of Android called the Silent OS. It comes with Silent Circle-created encrypted phone calls, texting, management services and more. They even offer a security-vetted specialized app store. And just this week the company announced that the Blackphone 2 will work with Google's Android for Work. That means business apps and data exist in one part of the phone and personal apps and data on another. It's like two phones in one.
By the way: I mentioned the Stagefright vulnerability that affects 95 percent of all Android users. Blackphone users are among the 5 percent who are automatically protected, with no action required by the users.
Another secure phone alternative is called the Turing Phone from Turing Robotics Industries, and it takes a slightly different approach to security. They make pretty much everything proprietary, so anyone expecting to use existing or widely used hacking techniques is likely to be thwarted.
The Turing phone starts by making the physical phone somewhat impenetrable. It has a proprietary connector that replaces the standard Android-phone USB style connector. It's also got no headphone jack.
Turing also boasts of a revolutionary external frame made from "liquidmorphium," a kind of liquid metal that is claimed to be stronger than titanium, and it's waterproof.
Turing created its own, proprietary end-to-end security system that centers on something they called the Turing Imitation Key, which doesn't rely on third-party authentication.
You can pre-order the Turing Phone starting at $610 and it's scheduled to ship Aug. 10.
2. Buy a Chrome OS Device
The vast majority of hack attacks enter into your life via either email, the Web or a combination of the two.
Chrome OS devices, which come in the form of Chromebook laptops, Chromebase all-in-one desktop PCs and Chromebox PCs, are incredibly secure for using email and surfing the Web. The reason is that (when combined with the three steps below) your stuff exists protected in the cloud. And because it's not a PC, there's no place for trojans or malware to gain a foothold on your local system.
Some executives and business people can use a Chrome OS device full time. But even if you can't or don't want to, at least use one for email and exploratory Web surfing. They're cheap, easy to buy and set up. And they instantly and automatically protect you from the vast majority of threats to your data.
3. Accept every software patch and update that comes along.
Whenever a software company hears about a threat to security that's enabled through their product, whether they read about it in the news or hear about it privately from whoever discovered the bug, flaw or attack, they are obligated to fix it with a patch or an update.
Companies often add these to other improvements and patches. It's a great practice to always accept all such downloads whenever they are offered, and to automate them when you can.
4. Use a Password Manager
A good password is by definition hard to remember and unique. There's no way anyone can reasonably be expected to remember dozens or hundreds of hard-to-remember and unique passwords.
Using a password manager like LastPass or Dashlane enables you to use a huge number of crazy-good passwords (they'll even create them for you). Each password is completely unique and you can change it constantly.
5. Use Two-Factor Authentication
Two-factor authentication is a surprisingly vague term that could mean any number of things. But in general, when companies offer it to you, use it.
A typical example is Google's two-factor authentication. Their system gives you a unique, one-time password to use for any new software. And it asks for your smartphone's phone number.
Whenever you use a service or application that supports Google's two-factor authentication, your phone gets a secret, one-time code, which you have to enter in to proceed. If some hacker tries to log in to, say, your Gmail account by a brute-force attack on your password, they won't get in. Plus, you'll get a code that you didn't initiate so you'll know somebody is trying.
The very likely possibility of getting hacked may seem scary and, unfortunately, it is a real threat. But if you take the right action by being proactive and staying ahead of the hackers, there is no need to live in fear.
Solid personal-data security doesn't require any specialized security knowledge. All you've got to do is take these five steps and you'll be nearly hack-proof.