Security experts from Kaspersky Lab’s Global Research and Analysis Team share the security measures they use to protect their own communications via e-mail, instant messaging tools, smartphones, and while browsing over computer networks and interacting with the physical world.
Following the example of the experts, we see that extreme caution is justified. Security experts use separate phones and laptops when traveling, they don’t discuss sensitive questions without being confident that the communication is well protected on both sides, they are always on the look-out for suspicious behaviour around them. Now Kaspersky Lab’s security experts invite you to test yourself against their security checklist.
E-mail
Contextual advertising works because it has a detailed understanding of what interests its target audience. That’s why companies providing this sharply-focused advertising work closely with the big e-mail services providers.
Those mailboxes are full of valuable information about the clothes you wear, the places you want to go on vacation and everything else you’re interested in buying. The thing is there’s no single pain point in e-mail security: anything written in an e-mail can cause serious problems if you don’t think carefully about the information you are giving and the people who are seeing it.
Our security gurus recommend the following to protect yourself when using e-mail:
* Use e-mail encryption services for your communications.
* Create a strong key to the code of the encryption – the longer, the better.
* Pay attention to the metadata you are generating even when the content of the message is encrypted. “From”, “To”, “Subject”, and the time of the mailing could all be tracked.
Kaspersky Lab warns: if your private key is ever compromised every message you’ve ever sent is compromised as well. Sometimes it might be safer not to use e-mail at all.
Instant messaging
It’s best not to use any commercial service that doesn’t have an Off the Record Messaging (OTR) cryptographic protocol. OTR allows you to create your own private key, and it encrypts all communications before they are sent.
* Make sure your preferred messenger supports OTR.
* Activate the plug-in before starting the conversation.
* Don’t forget to remind the people you’re talking to that they need to activate OTR at their end as well, otherwise your efforts will be useless. Again, keep in mind what you say and who is receiving this information – they may be logging the full conversation.
Smartphone
Your smartphone contains valuable information on your habits and location. It probably stores the same data as your laptop or desktop, but it’s likely to have different – and weaker – security measures.
* Don’t forget about securing your mobile gadgets
* When on the road, when possible and applicable, use disposable phones.
Browsing over computer networks
* Do not accept cookies, do not allow the execution of JavaScript, and do not keep logged into any account.
* Turn off an unsecured public Internet or local area network. Use a 3G/4G connection instead.
* It’s better to build a secure nest combining Tor and VPN, because while VPN encrypts your traffic it doesn’t provide anonymity, and Tor has several weak points of its own.
Physical world
When on the road, experts suggest using a travel phone and travel laptop, both of which should be kept ‘clean’ of any sensitive information. Stay aware of hardware implants and limit the possible hardware attack surface of your laptop. It’s best not to leave any hardware unattended in your hotel room.
A true security expert is always aware of the surroundings and stays on the look-out for suspicious patterns. They are aware of social engineering techniques and know how to deal with different situations and handle problems.
“Our digital footprint is likely to last forever, so the moment we drop our guard, for any reason, we run the risk of being compromised. The golden rule of cyber security is probably to remember that silence is a defensive discipline.
“The privacy of any message you send is only as good as the recipient’s security measures. But even when you cannot remain silent, you need to know how to remain inconspicuous in the crowd of information online,” says Vicente Diaz, principal security researcher at Global Research and Analysis Team at Kaspersky Lab.
