Manage your personal Information security, part 4

We've talked about antivirus, firewalls, and the battlezone on the Internet in the previous three parts. Here comes the fourth and last part.

The soft stuff can get you into hard times

When talking about information security and IT security, we sometimes talk about "soft security": things that don't necessarily mean you can tweak a setting or install a security gadget. It's about routines, behavior, and applying proper knowledge at the right moment. When talking about information security, we might as well mix this with physical security.

 

Let's analyze. Think of all the places and situations where your information can be exposed to unauthorized persons. I will help you get started, and try to focus on places and situations where valuable and sensitive information is exposed. I'll start out with a list of places and information types.

 

Place/Information holder Information type(s) Consider this
Home computer
  Information type(s):
  • Bank login information
  • Website/Facebook/email passwords
  • Sensitive documents regarding your kids, your future career etc.
  Consider this:
  • Store your computer in a drawer or similar when you're not at home. Seeing it on a table from outside draws attention, and will increase the possibility of someone making the decision to break in.
  • Anything in your home worth stealing should be fixed or at least not easy to just grab and carry. A thief will always succeed with a single item, but slowing a thief down can minimize loss.
  • At best, keep your computer's hard drive encrypted.
  • At the least, require a username/password to gain access.
  • Always clean out old emails, and save important ones in specific folders. If you really want to know everything about a person (habits, social life, financial status), 6 months of his or her emails will do it.
Network storage
  Information type(s):
  • Financial information
  • Classified documents
  • Family photos
  • Family footage
  Consider this:
  • A local network storage can be your own digital safe. Aside from the logical security aspects, consider what a hidden wireless network drive can do for you in case of a break-in. It is only effective if combined with a strict backup routine, though.
Drawer
Binder
Bookshelf
  Information type(s):
  • Passport
  • ID card
  • Credit card
  • Credit card transaction receipts
  Consider this:
  • Store your passports and ID cards in a safe place. They are valuable alone, or in combination with other financial papers found in your home.
  • A credit card transaction receipt along with a credit card is extremely valuable if the receipt holds information like expiration date and security code. Store them separately.
Your website
  Information type(s):
  • Information about your hobbies (expensive ones?)
  • Your current employment and income
  • Vacation plans
  • Home address
  • Pictures of your family, with names
  Consider this:
  • Information like your home address in combination with information about an expensive hobby (photo, jewelry collection etc.) is valuable to a thief. One should not be too paranoid in separating information, so it's up to you how to balance this.
  • Photos of your kids along with information about their names, your home address, and what school they attend, is critical information for a pedophile. You should at least have a strict policy on not posting names along with photos. Depending on where you live, you should also try to enforce this policy at your children's school.
Facebook
  Information type(s):
  • Information about your hobbies (expensive ones?)
  • Your current employment and income
  • Vacation plans
  • Information about relations and friends
  Consider this:
  • Facebook is a well-known source of information for anyone who wants to know you a little better. A thief planning a break-in, or a hacker planning an intrusion, also wants to know you better. Don't give away too much.
Twitter
  Information type(s):
  • Current plans and activities
  Consider this:
  • In combination with your personal website and Facebook, Twitter may help a thief to sharpen their plans further. Don't give away too much.
Car
  Information type(s):
  • Owner information
  • Activities and plans
  Consider this:
  • Now, there's not much you can do about this. But do consider that your car frequently parked outside the jewelry store can give this calculation:
    Car license plate = Car owner = Your home address
    Type of car = Range of your income
    Jewelry store = Your interests = Valuable items in your home
  • Do consider what kind of information you store in your car (insurance and owner information, repair shop receipt with credit card information etc.)
Wallet
  Information type(s):
  • Notes with handwritten PIN codes etc.
  • Phone numbers and addresses
  • Receipts with partial credit card numbers
  • Credit card slip copies with your signature fully readable.
  Consider this:
  • A wallet is a must-have, and without sensitive and valuable information it's no longer a must-have.
  • Keep it close to you.
  • Don't leave it lying around visible, not even at home.
  • Keep it clean from old, useless information of no value.
Google
  Information type(s):
  • Information about you and your habits
  Consider this:
  • I could do a series of posts on the topic of Google and information harvesting alone, but do consider that Google knows a lot (a lot!) about you. Unless you are a secret spy or something, you shouldn't worry. But if you are concerned about your integrity, you should get involved and learn about Google's tools and what they can do for you... or someone else.
USB stick
  Information type(s):
  • Any information that can be digitally stored
  Consider this:
  • Being careless with enterprise and government USB sticks has caused enough headlines already. Don't make the same mistakes at home. Keep track of what sticks you have and where you have them. If you transport information, make sure you erase the information when done. (Get it? Transportation, not storage.)
  • USB sticks can be a part of your digital disaster recovery plan (see below). But remember that USB drives have a limited lifetime. After approximately 100,000 read/write cycles, the stick is wasted.
Hospital
  Information type(s):
  • Depending on what country you live in, there's a variation in what kind of personal information is stored in a hospital.
  Consider this:
  • From an information security standpoint, hospitals are unique. In most countries, a hospital stores a huge amount of personal and sensitive data, but it is still a semi-public facility. There's not much you can do to affect this. But please do stay tuned to discussions and political decisions going on in your society. We do want to secure our personal data, yet we want it to be accessible from any emergency room or by a physician of our choice.
Restaurant/night club
  Information type(s):
  • Credit card information.
  Consider this:
  • Save your credit card slip. Take note of the restaurant name on the slip, and compare the transaction later on, online. Sometimes the restaurant name is something different from what the slip says.
  • Is a wireless terminal used? Make sure the waitress really works at that place. See to it that he or she actually goes behind the counter, and that other staff do not look suspicious or treat him or her like a stranger.
  • Don't fall for the "wipe the card" trick. If reading the card fails, a quick wipe back and forth on the towel around the waist can help. It can also result in a double transaction, if a second terminal is hidden in the towel.
  • Make sure the terminal hasn't been tampered with. Strange wiring? A worn-out cover, or a cover that doesn't match?
  • If you use a terminal and enter your PIN code, take note of the placement of surveillance cameras. A camera placed above the credit card terminal is not good. Unless you want to get footage of PIN codes.

 

Tips and tricks

 

Digital Disaster Recovery plan

Set up your own disaster recovery plan. In case of fire or theft with heavy loss of information and other assets, you still need to have access to insurance policies, phone numbers, passwords etc. This kind of information usually does not require much space. Here's a way to do it.

  1. Set up an online storage. I recommend Dropbox. It's free, and synchronization is automatic.
  2. Critical information like phone numbers etc. should be placed in a specific folder on your computer.
  3. Passwords and certificates should be placed in the same folder, but additionally you might want to encrypt this information.
  4. Set up the folder to be synchronized with Dropbox. Let's name it "Recovery".
  5. Now, any information you update in "Recovery" (including encrypted files) will be synchronized to your online Dropbox account immediately after you save changes. The folder "Recovery" on your Dropbox account will always be identical to the "Recovery" folder on your computer.
  6. Now, we want to make sure you have access to your Dropbox account from any computer. Dropbox has a web login, so you can access it anywhere as long as you have your login credentials.
  7. Method 1: Use a simple password that can be remembered. No need to manage passwords on other media.
  8. Method 2 (recommended): Use an encrypted USB stick, with an easy-to-remember password. Store your Dropbox credentials encrypted on the USB stick. Attach the USB stick to your keychain (if you always carry it with you), or place it for safekeeping at your grandma's house. Be aware! To be safe in case of a fire, the USB stick must be stored at a different location. Not your neighbor's house.
  9. If bad things happen – use your friend's or your work computer, get the login credentials from the encrypted USB stick on your keychain, and log in to Dropbox. You now have access to contact information, banking credentials, family photos, or any information you don't want to be destroyed in a fire or earthquake.
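
One way to check step 3 before the folder is synchronized, as an added example that is not part of the original post: the script flags sensitive-looking files in "Recovery" that do not start with the header of a known encrypted format. The name hints, the list of formats and the file names are assumptions, and the sample files are constructed.

```python
import os
import tempfile

# Leading bytes written by common encryption tools (heuristic, not exhaustive).
ENCRYPTED_MAGIC = {
    b"Salted__": "openssl enc (password-based)",
    b"-----BEGIN PGP MESSAGE-----": "ASCII-armored OpenPGP",
    b"age-encryption.org/v1": "age",
    b"\x03\xd9\xa2\x9a": "KeePass KDBX database",
}
# Name fragments that suggest step-3 material (assumed naming habits).
SENSITIVE_HINTS = ("password", "passwd", "login", "credential",
                   ".pem", ".key", ".pfx", ".p12")

def container_type(path):
    """Return the recognised encrypted format of a file, or None."""
    with open(path, "rb") as fh:
        head = fh.read(32)
    for magic, name in ENCRYPTED_MAGIC.items():
        if head.startswith(magic):
            return name
    return None

def audit_recovery(folder):
    """Return sorted relative paths of sensitive-looking files stored unencrypted."""
    findings = []
    for root, _dirs, files in os.walk(folder):
        for name in files:
            path = os.path.join(root, name)
            looks_sensitive = any(h in name.lower() for h in SENSITIVE_HINTS)
            if looks_sensitive and container_type(path) is None:
                findings.append(os.path.relpath(path, folder))
    return sorted(findings)

def build_sample(folder):
    """Write constructed sample contents for a 'Recovery' folder."""
    samples = {
        "phone-numbers.txt": b"Insurance hotline: 555-0100\n",
        "bank-passwords.txt": b"bank: not-a-real-password\n",
        "bank-passwords.txt.enc": b"Salted__" + b"\x00" * 24,
        "vpn-cert.pem": b"-----BEGIN CERTIFICATE-----\n",
        "logins.kdbx": b"\x03\xd9\xa2\x9a" + b"\x00" * 28,
    }
    for name, data in samples.items():
        with open(os.path.join(folder, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel in audit_recovery(tmp):
            print("unencrypted:", rel)
```

A file that passes this check only starts like an encrypted file; the check does not prove the password protecting it is a good one.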

A small list of other resources on this topic

EncryptStick
KeepIt.com Unlimited Back-Up

 

Hidden wireless network storage

In case of a break-in with heavy loss of assets in your home, there are always some things you absolutely do not want to lose. Pictures and footage of your children, family vacation photos etc. are priceless. Let technology help you out in securing those assets. A wireless storage attached to your local network is a great solution, especially if it can be hidden.

  1. Get a NAS (see sample selection below). NAS stands for "Network Attached Storage", and comes in two basic flavors: cable or wireless. There are also other differences like RAID (multiple discs), but I leave that aside in this post.
  2. Install method 1: Attach it to your network with a network cable. In this specific case we want it to be hidden, so this would require the switch or router you attach it to, to be hidden as well. Consider the fact that a cable can be followed around your house or apartment, and the NAS will be revealed.
  3. Install method 2 (recommended): Use a wireless NAS and use it only with a wireless connection. You first need to set up the wireless NAS by attaching it with a cable to your computer, and when finished with the setup you can go wireless only. Setup is usually pretty easy. Every NAS comes with install discs and/or step-by-step install instructions. Anyone can do this.
  4. Once installed on the network, make sure you can easily connect to it from your computer. This is usually pretty straightforward with Windows or Linux. On Windows, just follow the guides. The NAS will show up under "Network" and "Your computer". On Linux, a NAS (given that it supports the SMB protocol, as implemented by Samba) is accessible by browsing to "smb://your-nas-name" or "smb://your-nas-IP". Make sure you know where to click on your computer to start browsing your NAS. Of course, most NAS devices support Mac as well.
  5. Hide it! Make sure to hide the NAS anywhere a thief isn't likely to look for valuables. To be even safer, put it in a box or similar that can be bolted to a table or wall. Things to consider: Make sure that the wireless connection is sufficient. The attic or the garage might be perfect places, but may not work if the wireless connection is bad. Also, make sure that humidity and temperature are OK. Too hot is far worse than too cold, and moisture can damage the NAS. Also, if hidden in a wall, box or furniture, make sure that air exchange is sufficient. The NAS needs fresh air to keep cool, and if the location is too enclosed it will run hot. And make sure that the electrical wiring is OK. You want to minimize the risks, not increase them.
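
A hidden NAS only protects what has actually been copied to it intact, so the backup routine needs a check. The following added example (not part of the original post) compares a local folder with its copy on the NAS by SHA-256 and reports missing, changed and leftover files. The two folders are assumptions standing in for your photo folder and the NAS share opened on your computer, and the sample files are constructed.

```python
import hashlib
import os
import tempfile

def manifest(folder):
    """Map each relative file path under folder to its SHA-256 hex digest."""
    result = {}
    for root, _dirs, files in os.walk(folder):
        for name in files:
            path = os.path.join(root, name)
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                # Read in 1 MiB chunks so large videos do not fill memory.
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            result[os.path.relpath(path, folder)] = digest.hexdigest()
    return result

def compare_backup(source, backup):
    """Report files missing from the backup, differing from the source, or extra."""
    src, dst = manifest(source), manifest(backup)
    return {
        "missing": sorted(p for p in src if p not in dst),
        "changed": sorted(p for p in src if p in dst and src[p] != dst[p]),
        "extra": sorted(p for p in dst if p not in src),
    }

def write(root, rel, data):
    """Create root/rel with the given bytes (used for the constructed sample)."""
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)

def build_sample(source, backup):
    """Constructed sample: a photo folder and an incomplete NAS copy of it."""
    write(source, "kids/birthday.jpg", b"JPEG-DATA-1")
    write(source, "kids/first-steps.mov", b"MOVIE-DATA-FULL")
    write(source, "vacation/beach.jpg", b"JPEG-DATA-2")
    write(backup, "kids/birthday.jpg", b"JPEG-DATA-1")
    write(backup, "kids/first-steps.mov", b"MOVIE-DA")  # truncated copy
    write(backup, "old/notes.txt", b"left over")

if __name__ == "__main__":
    # Temporary folders stand in for the local folder and the NAS share.
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as nas:
        build_sample(src, nas)
        print(compare_backup(src, nas))
```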

A list of recommended hardware

Thecus SOC – RJ-45 Network, Type A USB N2200
TrendNet 2-Bay SATA I/II Network Storage Enclosure TSS402
Promise Smartstor NS4600 Network Attached Storage

 

Safe credit card receipt disposal

Credit card receipts and other papers revealing sensitive information should not be thrown in the garbage without making sure they are not readable. Smart tip:

  1. Search your pockets and wallet for slips and paper notes that are not needed anymore.
  2. Squeeze them all in your fist, like you would if you were about to throw them in the trash.
  3. Stick your fist under warm running water, letting the "ball of paper" get all soaked.
  4. Squeeze tightly a couple of times, and make a solid paper ball.
  5. Throw the wet paper ball in the garbage.
    – Peeling a wet paper ball will only get you small unreadable pieces of paper. Peeling a dried paper ball will get you the same.

 

Summary

This was the last part in my series of posts regarding personal Information security. Have I left something out? Do you have questions or suggestions? Post a comment, and get the discussion going.

Other related posts:

Manage your personal Information security, part 1
Manage your personal Information security, part 2
Manage your personal Information security, part 3
