Why you should regularly delete your tracks from the internet, and how
Most of our customers don’t have much to hide.
Sure, you want to keep your bank details off the internet, and maybe things like customer or pricing information away from competitors. But generally speaking, if you are like most people, you don’t have much need to hide.
It’s possible you don’t lock your front door either, but I doubt it.
None of our customers have anything that the Russian Mafia, Chinese government, or the NSA want, and if they did, we aren’t the right company to secure that information. But in the same way that you don’t want someone waling into your house off the street, eating food from your fridge, sleeping in your bed and rifling through your underwear drawers, you wouldn’t want someone doing that to your computer systems.
Most people have good enough security and discussing if the security you have is enough to protect the value you keep is another post, I want you to think for a moment about something you probably never think about.
What could criminals learn about you from your browsing information?
What if your machine was hacked and it had none of the obvious things like work files, credit card info, etc on it… but instead what if all your private information was hoovered up from the bread crumbs of browsing and phone/PC usage was copied? What could be found out by following your tracks?
A few years ago there was a lot of talk about metadata and the US government using it. Edward Snowden blew the lid on that and it was the first time most people even thought about it.
So if a hacker got access to your phone or your computer, what could they learn from the metadata of your usage?
Nothing?
More than 25 years in IT makes me doubt that.
A cautionary tale of email phishing
We had a customer open a phishing email and had their email hacked.
This happened before they became a customer and shortly after we took them on, we discovered they’d been hacked. In that time, the attackers had copied an invoice they’d received, intercepted it, then put their bank details on the fake invoice so they would be paid instead.
We blocked it for them and cleaned their accounts, thankfully saving that school a lot of money, but they were more lucky that the thief was most likely a foreign outsourced hack-farm only interested in invoice fraud. Had they scoured that head teacher’s mailbox, it wouldn’t take long before they found at least one password to a system. Before we put them on a password manager, they would likely be using the same password for multiple online sites. Access to one usually means access to all…
In short, they were lucky.
How to protect yourself from cyber criminals
While you likely can’t protect against state sponsored attacks or organised crime, you may be able to protect yourself from dis-organised crime and automated attacks.
For most people, getting cyber insurance and having good IT practices is enough for them.
Repeating the basics:
- using machines that are always up to date with patching,
- using multi-factor authentication,
- using a password manager for any password so it’s different from any other used elsewhere,
- hardening your systems,
- giving the least privileges to the least people for the least time,
- implementing zero trust networking,
- having backups that are restore tested regularly,
- using anti-virus/anti-malware/anti-ransomware tools,
- doing user training for phishing,
- encrypting all data at rest and while moving.
Doing these basics will protect most people from most low level attacks. Thankfully, it’s not rocket science.
(Stating the obvious: If you have something of value that needs more than the basics, you need to get your information from something other than a general blog post like this.)
Clean up your digital tracks regularly – here’s how
And back to that metadata bread crumb trail I mentioned above. Regularly cleaning your digital presence is a matter of regular hygiene. Here’s a good article from the folks at Nord VPN showing you steps how to do that.
