From gates, guns & guards to encryption, endpoints & erasure
Protecting intellectual property remains a concern for all organizations, even as new threats continue to emerge. Whether it’s a military unit establishing a base of operations in denied territory or a business undergoing a considerable liquidity event, the first order of protection is typically establishing “gates.” These walls and physical barriers help protect individuals and their teammates/employees in locations where they lay their heads at night.
Most businesses open to the public have Wi-Fi available for their guests. Sometimes it’s password protected, and sometimes users only need to be close enough to the router. It is shockingly easy to pick up a Wi-Fi signal from the road with a laptop and magnetized GPS puck, and then conduct a quick open-source search for the default admin username and password to a particular router. No matter how large the “gate” is, the internet signal provides individuals with a passive avenue into the building, through which they could gain access to browsing history, cloud storage, Apple ID or iTunes and more.
In the same manner that a private foundation can expose personally identifiable information (PII) via a Form-990 (vs embedded privacy features of a Donor Advised Fund), a lack of understanding of personal devices can leave people unintentionally exposed. This begs the question: what is the digital equivalent to “the gate”?
ENCRYPTION: THE KEY TO THE DIGITAL GATE
Think of encryption as a secret message hidden within a sheet full of jumbled letters, numbers and special characters. That message can only be deciphered by someone with the right key to unlock the data. Below are some considerations that apply to everyday life; they not only provide a digital wall around the compound, but also help keep an organization and its reputation safe.
- Apple iPhone: Encrypt the photos, notes and iCloud Backups on any personal devices. Navigate to Settings and click on Name/Apple ID at the top of the screen. Scroll down and click on iCloud, then scroll down to (and click on) Advanced Data Protection. After updating all connected devices to the most recent software version, create a new, secure master password for the new encrypted backup. Don’t lose it!
- Email & Private Messages: Seek out encrypted email and instant message providers.
- Password Managers: Look for password managers with end-to-end encryption, meaning they do not know or store master passwords.
GUARDING THE DIGITAL DOORSTEP: ENDPOINT PROTECTION FOR PERSONAL DEVICES
Physical (and digital) walls are a great first step in the mission to protect assets. However, if someone rams the gate — what’s the next line of defense? Insert endpoint protection. This is where the consistency part of the equation makes the biggest difference. Embedding these best practices into monthly discussions will begin to build digital muscle memory that can (and should) last generations.
- Multi-Factor Authentication (MFA): MFA combines more than one kind of factor: something a user knows (password), something they have (YubiKey, physical key) or something they are (fingerprint, iris scan). To help protect against accidental misplacement of company phones/iPads, or even physical intrusions like theft, MFA adds a concentric layer of security around the most sensitive assets. Be wary of security questions being part of the MFA process; most of these questions can be guessed or gleaned from people search sites and open-source intelligence.
- Malicious Link Filtering Software: Software programs can help protect against user error, like clicking on a malicious link or visiting a website that looks legitimate. Ensure that these programs can cover everything from browsing activity to SMS messages.
- Software Updates: Most organizations wouldn’t ignore a leaking pipe in their building, especially when the risk of it bursting is high. The same concept applies to software updates. These patches are often rolled out for user protection. In addition to turning on automatic updates, be sure to power off devices once per day to ensure that the patch goes through.
DATA BROKERS AND GUARDING IDENTITY
One of the unfortunate realities of wearing a uniform, becoming an influencer, or having a large balance sheet is that privacy can easily (and quickly) become a luxury. Skill, fame and wealth can attract unwanted attention from many sources, including enemy forces, media, paparazzi and even stalkers.
Prior to obtaining fame or wealth, personal data is being bought and sold every day, often without users’ knowledge or consent. These companies, known as data brokers, create digital copies of users online. Such profiles include everything from home addresses, Social Security numbers and mobile numbers to tax IDs and registry numbers of legal entities (LLCs, C-Corps, LPs, foundations). How people transact and communicate becomes increasingly important in the fight for privacy and the “right to erasure.”
Safeguard employee data by rejecting cookies, providing only as much information as is necessary, and (where applicable) opting out of data sharing/selling. Encourage employees to do the same.
- Email & Mobile: Utilize the Hide My Email function for Apple users or test out apps like Cloaked, which provide a unique email, phone number and password for each identity created.
- Social Media Settings: Check the visibility settings on LinkedIn. Navigate to Settings & Privacy, Visibility and then Edit Your Public Profile to determine who has access to profile photos, headlines, summaries and more.
- PII Deletion / Opt-Out Services: For privacy fundamentalists, begin research on the data broker industry and explore ways to either opt out or delete exposed data.
Data privacy rules, regulations and their complexities are constantly shifting in this interconnected world. Organizations would be best served to heed these reminders and take action towards shielding themselves during a time of increased threat actor activity — which is showing no signs of slowing down. That said, these simple tips can go a long way towards ensuring future safety online for all.
https://www.securitymagazine.com/articles/100479-from-gates-guns-and-guards-to-encryption-endpoints-and-erasure