If you have a smartphone, laptop, or tablet, you’re carrying a massive amount of data with you most of the time.
Your social contacts, private communications, personal documents and personal photos are just some examples of things you may store on your digital devices.
Because we store and carry so much data, it can be hard to keep it safe—especially because it can be taken from you relatively easily.
My biggest tip is to keep confidential information offline.
When I meet with confidential sources, I don’t bring any such technology along. It is important, especially with whistleblowers, law enforcement, government and others offering information, that they feel safe and trust me to be diligent.
The best solution is using old-fashioned methods: pen and paper and a neutral location. Sometimes a safe means may be the least technical solution. Computers can be great for many things, but sometimes the security issues of a simple pen and notepaper can be easier to understand, and therefore easier to manage.
End-to-end encryption ensures that information is turned into a secret message by its original sender (the first “end”), and decoded only by its final recipient (the second “end”).
Sometimes it’s important to cordon off valuable data and communications onto a more secure device.
🔹You can use the secure device to keep the primary copy of your confidential data.
🔹Only use this device occasionally and, when you do, consciously take much more care over your actions.
🔹If you need to open attachments, or use insecure software, do it on another machine. Keep your secure device offline.
Unsurprisingly, the best way to protect yourself from Internet attacks or online surveillance is to never connect to the Internet. You could make sure your secure device never connects to a local network or Wi-Fi and only copy files onto the machine using physical media, like USB drives or DVDs.
Sometimes I will use a basic netbook that does not have any of my documents or usual contact or email information on it so there’s minimal loss if it is confiscated or scanned.
You can apply the same strategy to mobile phones. If you usually use a smartphone, consider buying a cheap throwaway or burner phone when travelling for specific communications.
A burner phone is one that is not connected to your identity, is only used for a small set of calls or activities, and can be discarded if and when it is suspected of being tracked or compromised. Burner phones are often pre-paid mobile phones bought with cash.
Reusing passwords is an exceptionally bad security practice. If a bad actor gets ahold of a password that you’ve reused across multiple services, they can gain access to many of your accounts. This is why having multiple, strong, unique passwords is so important.
The longer and more random the password, the harder it is for both computers and humans to guess.
If your computer or device gets compromised and spyware is installed, the spyware can watch you type your master password and could steal the contents of the password manager. So it’s still very important to keep your computer and other devices clean of malware.
Malware is short for malicious software: programs that are designed to conduct unwanted actions on your device. Computer viruses are malware. So are programs that steal passwords, secretly record you, or delete your data.
Beware of the “security questions” that websites use to confirm your identity. Honest answers to these questions are often publicly discoverable facts that a determined adversary can easily find and use to bypass your password entirely.
Instead, give fictional answers that no one knows but you.
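An added example (not from the original post) of the two habits above: it flags passwords reused across services, then issues each affected service a unique random password and random fictional security answers. The service names, questions, record layout and sample passwords are constructed for illustration, and the output is meant to be stored in a password manager.

```python
import math
import secrets
import string
from collections import defaultdict

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"  # 74 symbols
ANSWER_ALPHABET = string.ascii_lowercase + string.digits         # 36 symbols, easy to read aloud


def entropy_bits(length, alphabet_size):
    """Bits of entropy of `length` symbols drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def random_string(length, alphabet):
    """Use the OS CSPRNG (secrets), never the `random` module, for credentials."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def new_record(service, questions, pw_len=20, answer_len=16):
    """Unique password plus fictional answers that no public record can reveal."""
    return {
        "service": service,
        "password": random_string(pw_len, ALPHABET),
        "answers": {q: random_string(answer_len, ANSWER_ALPHABET) for q in questions},
    }


def find_reused(records):
    """Return sorted groups of services that share one password."""
    by_password = defaultdict(list)
    for rec in records:
        by_password[rec["password"]].append(rec["service"])
    return sorted(sorted(s) for s in by_password.values() if len(s) > 1)


# Constructed sample data: two services share one guessable password.
EXISTING = [
    {"service": "bank.example", "password": "Summer2019!"},
    {"service": "forum.example", "password": "Summer2019!"},
    {"service": "mail.example", "password": "k3&Vq_Zr1+Lm8*Tx0=Ha"},
]
QUESTIONS = ["Mother's maiden name?", "First pet?"]

if __name__ == "__main__":
    for group in find_reused(EXISTING):
        print("reused across:", ", ".join(group))
        for service in group:
            print(new_record(service, QUESTIONS))
    print("8 lowercase letters: %.1f bits" % entropy_bits(8, 26))
    print("20 from ALPHABET:    %.1f bits" % entropy_bits(20, len(ALPHABET)))
```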
At least every few months I go through a security and privacy review. Here is what is on my checklist:
1. Change all device names to something else
2. Set up connecting devices to generate random MAC addresses when connecting to Wi-Fi
3. Check which third-party apps have access to search (e.g., Google) accounts, specifically making sure they can’t access Gmail or Google Drive
4. Make sure no app tokens have been generated on Dropbox/Box/MEGA/OneDrive accounts
5. Make sure no app tokens have been generated on any Reddit/Twitter/Facebook/GitHub accounts
6. With a fresh device, on a never-used Wi-Fi network, do a Google search for each other’s names and handles, and share findings
🔹Ensure phones have disk encryption enabled
🔹Ensure computing devices have disk encryption enabled
🔹Use a browser that is NOT Chrome or Edge. Suggestions include Brave Browser, Waterfox, and Firefox
🔹If using Firefox, use Firefox Monitor, and also use the Facebook Container extension by Mozilla (the creators of Firefox)
🔹I use Facebook Lite and do not use their messages or Story features. I don’t stay on FB long (less than 5 minutes) and just once or twice a week. CLEVERJOURNEYS has Headline News And Views on Facebook, but I don’t monitor it very much. It’s just a place readers can see latest articles.
🔹I turn off personalized ads on FB, Google Products and Windows 10.
🔹I use an SMS encryption app (like Signal) and avoid using Telegram or WhatsApp.
🔹I opt-out of interest-based advertising by companies participating in the Digital Advertising Alliance (“DAA”) at the DAA’s Choice Page, located at http://www.aboutads.info/choices
🔹I perform a privacy & security check of Windows 10 using the open source Privatezilla
🔹Make sure 2FA is enabled for all your accounts, especially any financial, social, and mission-critical sites
🔹Make sure 2FA does not use text messages (SMS). DuckDuckGo “SS7 protocol hack”
🔹Consider using a YubiKey
🔹Make a list of all accounts on paper and then walk through this account list and change passwords
🔹Make sure financial accounts have correct mailing address
🔹Make sure USPS mail forwarding is renewed on any previous residences
🔹Review emergency contacts on phones
🔹Review emergency medical information on phones
🔹Review blocked numbers and contacts on phones
🔹Review blocked numbers and contacts on social media sites
🔹Create/review code words for each other and create/review code phrases for each other
🔹Review computers for vulnerabilities and backdoors introduced by installed software. Remember: “Freeware is killware”
🔹Keep a list of all the apps/software/sites we use or have accounts with
🔹In this list, flag which are closed-source
🔹In this list, flag which are developed in countries we do not trust
🔹It is a habit to check the settings or preferences of any app we install or use
🔹After creating an account on a service or website check the settings. Look for privacy or security settings
I’m not going to reveal all of my contingencies, but offer these considerations:
🔹Make sure all devices are backed up and secured
🔹Plan for your house burning down. Would you still have all your passwords?
🔹Consider putting your passwords and accounts in an encrypted file. Place this file inside a password protected archive folder. Give this archive to two trusted sources, but to each of them only one password. This can serve as a backup or deadman switch.
In God We Trust