Security concerns among technical professionals are growing as their access to information makes them of increased interest to adversaries in the physical, or analog world.
To help the technical community better protect itself, Kaspersky Lab’s Global Research and Analysis Team has developed some practical and easy-to-remember tips: an analog cyber-smart guide for those well-versed in the digital one.
Operational Security, OPSEC, essentials for the analog world:
1. Threat modeling OPSEC is about hiding information from your adversaries. The analog world includes two main categories of adversaries: those that have resources, such as intelligence agencies, military organizations and major criminal gangs, and those that don´t. Kaspersky Lab’s guidance is focused on the first group, since research suggests they are the most interested in technical information.
2. Physical ‘phishing’ Adversaries often recruit others to do their spying etc. for them. Technical specialists, with their access to valuable data are particularly vulnerable to such recruitment, with approaches coming through social media or business networking, and taking the form of persuasion, coercion or just an offer that’s too good to refuse. Individuals and their organizations need to be alert to any such approaches and to have effective countermeasures in place; minimizing researchers’ vulnerability and exposure.
3. Crossing the perimeter: Borders An international border can be one of the most vulnerable places for a technology researcher. Laws can be applied very differently and some good legal advice can be found here. Attempting to prevent border control officers from searching through your belongings, or lying when questioned, constitute criminal offences. Instead, Kaspersky Lab recommends that you stay calm, cooperate and explain the situation clearly. Above all, don’t travel with valuable IT content. Encrypt, upload and retrieve data upon arrival at your destination.
4. Suspect files: when something just feels wrong Respect any sense of unease when travelling to or from meetings. Don’t travel alone or rely on others to arrange transport; but plan your routes and have trusted local contact details to hand. A pre-arranged meeting can be an excuse to search hotel rooms or to remove unguarded IT equipment. Make sure people know where you are. And if you feel you are under surveillance, stay in public areas and behave accordingly. If necessary, travel to the Embassy.
“Operational security in the digital world is about protecting the critical information we generate – through emails, messages, reports, etc. In the analog world, OPSEC forces us to remember that each of us is a channel between what we know and what the adversaries want to find out. Our experience suggests that the technical community doesn’t always know how to spot and prevent potential physical risk. The best advice is to be aware and prepared. Have trusted local contacts and know who to get in touch with in your company. Think carefully about what information you bring with you, and how you carry it. For example, it’s better to have separate phones and laptops to use while travelling,” said Vicente Diaz, Principal Security Researcher at Kaspersky Lab.