Today’s guest post is by Darren Leno, CEO of Encryptomatic LLC, and Lockbin.com, a company that helps professionals communicate securely and easily with their patients and clients.
He is a longtime and proud supporter of the Electronic Frontier Foundation (eff.org) and a past presenter at 1 Million Cups Fargo. Read more about Encryptomatic LLC here.
In the past few years, security and privacy have moved from the fringes to the mainstream. Because of high-profile data breaches at U.S. government agencies (Office of Personnel Management) and large corporations (Sony), as well as constant revelations of dangerous “zero day” exploits* with scary names (Heartbleed, Stagefright, etc.) that have for years put our personal data and privacy at risk, this is a topic that deserves a few minutes of your attention.
Security is a very large subject. It can be highly technical, difficult to understand, and make us feel helpless. Here are five proactive things you can do to begin to transition from that feeling of helplessness to an attitude of empowerment.
While these five suggestions alone will not guarantee you’ll be safe, consider them the first step down the long and fulfilling road to security zen.
1. Whole Device Encryption.
Encryption is no longer just for spies. It is the primary mainstream tool that you have at your disposal to protect the data on your device from criminals. Your phone and computing devices have the ability to encrypt data. Spend a little time today to educate yourself on how to set it up and start using it.
2. Use a Password Manager.
I know… the password is the most hated security tool in the world, and long passwords are hard to enter on touch keyboards. Maybe you recognize one of these horrible passwords. For the immediate future though, a strong unique password and login is a great way to protect yourself. Try a couple of password managers and select the one that works best for you. LastPass is the service I use, but there are other good ones on the market.
3. Use a Virtual Private Network (VPN).
A VPN creates an encrypted Internet connection between your computer and a remote computer from which you access the Internet. Why is this helpful? Being an entrepreneur, you probably work wherever you can, even from Internet cafés. Free Wi-Fi is great, but it can open you up to serious threats. For example, that nice old lady sipping coffee by the window staring at her laptop could actually be a hacker monitoring all of the unencrypted traffic on the network using a free tool like Wireshark. Entering a login and a password into an unencrypted website while on an insecure Wi-Fi network is like handing it to a hacker on a piece of paper.
VPNs may cost you a little, but they are well worth the investment. They also prevent your ISP from logging all of your website visits, and then using that information to market to you. I use VPNs on my laptop, tablets and phone. There are many VPN providers. A few I have used include Private Internet Access, Avast Secureline, and my current favorite, F-Secure Freedome.
4. Check your E-Mail.
The last time you checked your e-mail settings was probably the day you got your device and set it up. Make sure that you are connecting to your e-mail provider using a secure TLS/SSL connection. If not, contact your mail provider for the correct settings for TLS/SSL. If they are unable to help you, then it’s long past time to find a new email provider. An encrypted connection to your mail server is like having your mail delivered to your house in an armored car. Do not receive e-mail over an unencrypted connection.
5. Encrypted Messaging.
This is an advanced tip for people who routinely share sensitive or legally protected information with people they know. Using messaging tools that have implemented “Off The Record” (OTR) messaging, it’s fairly easy to establish secure IM and voice channels over insecure networks like Facebook, Google Hangouts, and Skype. Tools like Jitsi on Windows or ChatSecure on Android or iOS make it practical to communicate privately with others who are willing to take just a few minutes to set it up.
My own company, Lockbin.com, has simplified this technology even further to make it practical to establish a secure communication channel with non-technical individuals. Lockbin is used by thousands of professionals to communicate securely with patients and clients, and the basic plan is free.
There is a lot of basic information and common advice I didn’t cover here simply for space. I don’t have to suggest that you use antivirus software, do I? Or that you should never leave your device unattended without locking it first? And never plug in a flash drive that you find in the parking lot? And that 2-factor authentication is always a good idea? Or if someone calls you on the phone from your bank’s “IT Department” and asks for your password, don’t give it to them, right?
I’ve been invited to speak at the Prairie Den in September, an invitation I eagerly accepted. I’ll look forward to meeting you there, and getting more in-depth about these and other things you can do to stay safe online.
* A zero day exploit is an unknown security vulnerability that can be exploited by a hacker today.