Security experts from Kaspersky Lab’s Global Research and Analysis Team shared the security measures they use to protect their own communications via email, instant messaging tools, smartphones, and while browsing over computer networks and interacting with the physical world.
Following the example of the experts, we see that extreme caution is justified. Security experts use separate phones and laptops when traveling, they don’t discuss sensitive questions without being confident that the communication is well protected on both sides, they are always on the look-out for suspicious behavior around them. Now Kaspersky Lab’s security experts invite you to test yourself against their security checklist.
Contextual advertising works because it has a detailed understanding of what interests its target audience. That’s why companies providing this sharply-focused advertising work closely with the big email services providers. Those mailboxes are full of valuable information about the clothes you wear, the places you want to go on vacation and everything else you’re interested in buying. The thing is there’s no single pain point in email security: anything written in an email can cause serious problems if you don’t think carefully about the information you are giving and the people who are seeing it. Our security gurus recommend the following to protect yourself when using email:
- Use email encryption services for your communications.
- Create a strong key to the code of the encryption – the longer, the better.
- Pay attention to the metadata you are generating even when the content of the message is encrypted. “From”, “To”, “Subject”, and the time of the mailing could all be tracked.
Kaspersky Lab warns: if your private key is ever compromised every message you’ve ever sent is compromised as well. Sometimes it might be safer not to use email at all.
Instant Messaging
It’s best not to use any commercial service that doesn’t have an Off the Record Messaging (OTR) cryptographic protocol. OTR allows you to create your own private key, and it encrypts all communications before they are sent.
- Make sure your preferred messenger supports OTR.
- Activate the plug-in before starting the conversation.
- Don’t forget to remind the people you’re talking to that they need to activate OTR at their end as well, otherwise your efforts will be useless. Again, keep in mind what you say and who is receiving this information – they may be logging the full conversation.
Smartphone
Your smartphone contains valuable information on your habits and location. It probably stores the same data as your laptop or desktop, but it’s likely to have different – and weaker – security measures.
• Don’t forget about securing your mobile gadgets
• When on the road, when possible and applicable, use disposable phones.
Browsing over computer networks
• Do not accept cookies, do not allow the execution of JavaScript, and do not keep logged into any account.
• Turn off an unsecured public internet or local area network. Use a 3G/4G connection instead.
• It’s better to build a secure nest combining Tor and VPN, because while VPN encrypts your traffic it doesn’t provide anonymity, and Tor has several weak points of its own.
Physical world
When on the road, experts suggest using a travel phone and travel laptop, both of which should be kept ‘clean’ of any sensitive information. Stay aware of hardware implants and limit the possible hardware attack surface of your laptop. It’s best not to leave any hardware unattended in your hotel room.
A true security expert is always aware of the surroundings and stays on the look-out for suspicious patterns. They are aware of social engineering techniques and know how to deal with different situations and handle problems.
“Our digital footprint is likely to last forever, so the moment we drop our guard, for any reason, we run the risk of being compromised. The golden rule of cybersecurity is probably to remember that silence is a defensive discipline. The privacy of any message you send is only as good as the recipient’s security measures. But even when you cannot remain silent, you need to know how to remain inconspicuous in the crowd of information online,” said Vicente Diaz, Principal Security Researcher at Global Research and Analysis Team at Kaspersky Lab.
Even if you do not deal with highly sensitive data, you can still benefit from the security prompts that Kaspersky Lab experts have prepared for all users. Our online guide to safety facts & tips is available here: http://cybersmart.kaspersky.com/privacy
To learn more about security measures, please read the blog post available at Securelist.com.