Jun 5, 2019

How to secure your digital life

written by Larry

We’ve recently had a number of conversations with our clients, and other contacts in the technology sector, about the importance of privacy in the digital age. The decision to take steps to secure your digital life is a highly personal one, and depends on which risks you think are the most important.

Increasingly, privacy is seen as something only the guilty need. If you have nothing to hide, surely you have nothing to fear? That position seemed to work well in the past, but in the digital age things move so quickly you can’t be sure what data goes where, and which services are interconnected. Something you don’t feel the need to protect might give malicious actors access to something you do. We now keep everything from our selfies to our banking on the same device.

Technology moves so fast that data is now being used in ways we can’t even imagine. A proactive approach can keep you secure and aware of your individual risk.

As digital experts, we feel we have a responsibility to use tech mindfully and responsibly, and to help others do the same. So, we’ve put together a basic list of some key steps you can take to secure your digital life:

 

Browse using a VPN

The average internet request is routed through dozens of servers. Virtual Private Networks (or VPNs) create an encrypted connection between your device and a server that is connected to the wider internet. This means that the sites you visit and the actions you take online cannot be seen by any other device or actor sitting between your device and that server. This isn’t a foolproof way of being anonymous, as governments still have the potential to identify individuals using VPN services, but it certainly helps to prevent other people knowing everything about your online activity.

 

Use 2FA

Two-Factor Authentication (or 2FA/2FV) means that having a username and password isn’t enough to log in. A second trusted device (such as a phone or tablet) also receives a prompt notifying you that someone is trying to log in to an account, and the owner must then verify this attempt.

This began as a handshake in which a text message containing 6 digits was sent to a phone number, but it can now be done in-app or, in the case of Google, via a simple Yes/No prompt on compatible devices.

By using 2FA everywhere you can, you make it very difficult and unattractive for malicious actors to gain access to your account.

 

Passwords

Use unique, complex passwords for each account. This makes it much more difficult for anyone who might try to guess or brute-force a password. It does make them more difficult to remember, so it’s also advisable to use a password manager such as LastPass. This will keep passwords up to date, sync passwords between your devices and show where you are using the same password for multiple accounts.

Don’t forget to protect the password manager itself with a complex, unique password that you’ll remember, and secure it with 2FA. Otherwise, someone could access all of your passwords easily, making the whole process redundant.

 

Don’t use ‘login with’

It’s definitely convenient to log in with your Google or Facebook account, but it introduces an additional point of failure. If that account ever becomes compromised, then every other account you use it to log in to becomes compromised too. Additionally, you share data about what you’re doing with that service as well, which they are able to use, or worse, lose.

 

Full-Disk Encryption

With the best will in the world, most of us have left a phone somewhere we wish we hadn’t. Using Full-Disk Encryption (FDE) ensures that if anyone were to find or steal your device, accessing the information on it would be difficult if not impossible.

Every device is different, but a lot of mobile devices support encryption as standard, and there are open-source tools available for desktop computers.

 

Use open-source, encrypted messaging

There are lots of solutions out there that claim to use secure, End-to-End (E2E) encryption for messaging. The key is to be aware of who owns what. Although services like WhatsApp use encryption, you can’t necessarily trust them, as the user doesn’t hold the encryption keys. After all, WhatsApp is owned by Facebook, and some products are ultimately free because you and your data are the product. Your data is leveraged to sell adverts.

Open-source, peer-reviewed apps such as Signal Messenger or Telegram offer more security, as users hold their own keys and any attempt to build in backdoors or surveillance is more likely to be noticed by the security community.

Also, be aware that email is tricky to encrypt. Gmail will offer a confidential messaging setting as of June 2019, and PGP is available for slightly more advanced users.

 

Monitor your accounts

Security isn’t an ‘install and forget’ thing. Instead, you must keep a close eye on things and be aware of whether the services you use have been compromised.

You can subscribe to services like HaveIBeenPwned to be notified whenever your account details surface in a security breach, allowing you to change your password or secure your account in a timely manner.

 

Promote privacy

The more people take privacy seriously, the better. It holds companies to account and supports the people who develop the security tools we’ve talked about.

In short, privacy isn’t just for you. If it’s relevant, why not think about providing your customers with a secure way to contact you – like we do.

 

We’re committed to using technology responsibly and mindfully. One size doesn’t fit all, however, so your needs might differ and we can’t guarantee that by following the steps above, your digital life will be completely secure.

It’s a good start, though.

If you’d like assistance securing your digital life, don’t hesitate to get in touch; we’d be happy to help.

 


Update: DNS over HTTPS

Until recently, web browsers took any web address you tried to visit and sent it in plain text to a DNS server, which resolves the human-readable address into an IP address, the series of numbers that denotes the server where that site is hosted. This has made it possible for anyone, from your ISP to another person connected to the same network as you, to see what sites you visit.

The folks at Mozilla recently introduced the ability to send these requests in an encrypted format (DNS over HTTPS) in the latest version of Firefox. This has prompted a lot of discussion about online privacy and censorship, but it is worth knowing about, and it is worth trialling any feature that offers practical privacy benefits. There are several sets of instructions available for how to configure this feature.

Post updated 8th July 2019