Security: FUD vs. Reality

First off, we need to define FUD for those who are unaware of the acronym. FUD means “Fear, uncertainty and doubt.” The term has been solidified and used over the last quarter century, but the tactic has existed for much longer than that. What tactic, you say? Why, evoking fear, uncertainty and doubt to intentionally put a competitor at a disadvantage.

Now, security FUD exists in all industries, even at home: “If you don’t have an alarm company sign out in your yard, you’ll be a target of thieves.” Of course, today, more often than not, security discussions deal with computing and data or, simply put, our ‘new’ digital lives.

How do you secure data? Lock it up? Pass-phrases? Encrypt it?

First and foremost you must secure the physical location. The best encryption and pass-phrases are almost meaningless if someone has enough physical access and time with a device.

Next, pass-phrases. Yes, pass-phrases, not passwords. Passwords are common, and unfortunately many people use the same password across multiple accounts/websites/devices, but of course you do not, right? In place of a password, think of a phrase that has some meaning to you or is easy to remember. For example, paraphrasing Socrates: “You can take the man out of the country, but you can’t take the country out of the man.” Let’s work with some combinations. You can use just the first letters, YCTTMOOTCBYCTTCOOTM, and choose to replace the O with a 0 and only keep the Y upper case. This gives you Ycttm00tcbYcttc00tm. Want something harder? Replace an O with parentheses () so you can ‘visualize it’ in your head… It is far less likely that someone will guess that pass-phrase.
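The derivation above as a small script (an added example, not part of the original post). The function names are assumptions made for illustration, and the second variant assumes every O is replaced with ().

```python
import re
import string

def first_letters(phrase):
    """Upper-cased first letter of every word in the phrase."""
    # A word is a run of letters/apostrophes, so "can't" counts once.
    words = re.findall(r"[A-Za-z][A-Za-z'\u2019]*", phrase)
    return "".join(word[0].upper() for word in words)

def derive(phrase, substitutions, keep_upper):
    """Apply the post's rules: substitute, keep chosen capitals, lower-case the rest."""
    out = []
    for ch in first_letters(phrase):
        if ch in substitutions:
            out.append(substitutions[ch])   # e.g. O -> 0
        elif ch in keep_upper:
            out.append(ch)                  # e.g. keep Y upper case
        else:
            out.append(ch.lower())
    return "".join(out)

def character_classes(secret):
    """Which character classes the result draws from (sorted names)."""
    classes = {
        "lower": string.ascii_lowercase,
        "upper": string.ascii_uppercase,
        "digit": string.digits,
        "symbol": string.punctuation,
    }
    return sorted(name for name, chars in classes.items()
                  if any(c in chars for c in secret))

# The phrase used in the post.
PHRASE = ("You can take the man out of the country, "
          "but you can't take the country out of the man.")

if __name__ == "__main__":
    for subs in ({"O": "0"}, {"O": "()"}):
        result = derive(PHRASE, subs, keep_upper={"Y"})
        print(result, len(result), character_classes(result))
```

Swapping in your own phrase and substitution map lets you check that you can reproduce the same pass-phrase from memory every time.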

What about encryption? A popular open-source encryption product, TrueCrypt, shut itself down suddenly and started conversations about whether there is really a backdoor or security problem with it, or whether the application is being “taken out” because it is truly secure and people like Edward Snowden are benefiting from its use and keeping government forces out of their documents. With that in mind, does it mean that you should not encrypt data? Certainly not! You should encrypt all data, and not only the data on your computing device. Remember: encrypt all your data, including data being transmitted and not just data at rest (like on a drive). Your PC, Mac, Linux workstation, and even your mobile phone and tablet are gateways into your data. But so is your “normal” web traffic. Do you use https in place of http every time it’s available?

What if it’s used against you? Many people and businesses were tricked, through social engineering or bad web habits, into loading a program that would encrypt their data and hold it for ransom unless they paid a price. Luckily, tools have recently been made to decrypt the data at https://decryptcryptolocker.com/ but what if there was no such solution? Should you pay that ransom? The answer is a definitive NO. Think it through… give thieves your financial information. That’ll work out, right? So what’s the answer? Treat that device like it’s disposable: blow it away/reset to factory/etc. and restore from a known good backup.

Don’t have a backup? That’s a different issue altogether. If you’re near Atlanta on Tuesday, September the 9th, 2014, check out the meeting for WINVUG (http://winvug.org/), where there’s a great presentation on data backup being made by Code42, and ask questions not only of them but of your peers about how we can best secure our digital lives! Full disclosure here: I’m the president of WINVUG and Code42 will be presenting that evening, but we’ll also have free food!
