I know. I know. I failed to get a newsletter out last week. I’d like to say it will be the last time this happens, but we all know I can’t make that promise. Travel + Dead Laptop + No Power Cord = No Newsletter
Feedback from the Doom and Gloom newsletter is at the end in the “Community Section.”
And now to the newsletter…
Topic of the Week: Everyday Cyber Security
Oops, by opening this newsletter your files have now been encrypted. To recover your files, deposit $300 in Bitcoin into this account: afsdfdDanielle’sExpensiveWineFundssdfa.
In light of last week’s ransomware attack, I thought it would be appropriate to tackle cyber security. What do I know about cyber security? Nothing, so I enlisted the advice of a security expert.
Joe Gray, Enterprise Security Consultant with Sword & Shield, a Knoxville-based information security firm, was kind enough to answer my questions and provide an in-depth perspective on how to improve security in everyday life. Joe’s advice was much more informative than what I’m able to include in this newsletter. You can view the entirety of his feedback in a post on his cyber security blog, Advanced Persistent Security.
Cloud File Storage
Whether it’s Google Drive, Dropbox, etc., most of us use a cloud-based storage system for our files. Per Joe, while these systems are starting to embrace security, they have a few weaknesses.
The first and obvious weakness is you can’t control who has access to the physical servers that all the files go to. There isn’t a whole lot you can do about this.
The other issue Joe cited is that the provider controls your encryption keys. Encryption keys are used to “unlock” encrypted files. When you save a file to Google Drive, it is encrypted and saved on a server. Google then creates an encryption key so that the file can be accessed. The downside of this is that you have to trust Google and its employees to keep those keys safe.
Per Joe, the more secure practice is to keep your data and encryption keys separate by controlling your encryption keys. He recommends either SpiderOak or Tresorit for professionals who want to take their cloud file storage security to the next level.
For more information on encryption key management, I found this helpful overview presentation.
How do we use email securely? First and foremost, Joe recommends not clicking on suspicious links or opening unsolicited emails (sorry email marketers).
You can also ensure your outbound emails are secure by encrypting them. Joe recommends Mailvelope, which has a browser extension and allows you to easily encrypt emails sent through third-party email vendors such as Gmail. The downside is that those third-party vendors still control your encryption keys. For the ultimate in email security, Joe recommends ProtonMail or Countermail.
Per Joe, “The need for diverse passwords, meaning a unique password for each and every site or application, is more vital now than ever.” With no shortage of highly publicized data breaches in the last few years, managing passwords is now crucial.
Password manager programs offer a great way to have diverse passwords without having to write them all down on sticky notes in your office. Joe mentioned a few good options:
Free solution: KeePass
Check out this resource to see if your email was involved in any known email breaches. (One of my personal accounts was hit.)
ROND Community Section
Were you hacked? If so, shoot me an email and let me know what happened and what you did to prevent it from happening again, so that others can learn from it.
Feedback from Doom and Gloom Newsletter:
In the last newsletter I asked you whether we are better off today than we were in 2007. Per the poll, 75% of you believe we are better off today. (One of us will eventually be right). Here are a few comments from readers:
“On balance, I see it this way: We may actually be ‘better off’. I think the big difference now is that while the crisis of the Great Recession cast doubt on Capitalism, itself, and on the durability of “trust” in institutions with pivotal roles... (The Recovery efforts of the Obama years) and the more traditionally cyclical current factors you cite could be broadly perceived as bringing conditions back into the range of “normal” – meanwhile, highly tension-producing doubts about fundamentals of Capitalism (risk, equity, distribution, etc.) seem to have been at least partly transferred or “reassigned” to the domestic political arena, wherein factions can battle over issues in a contained political ecosystem with numerous brakes and counterbalances (no matter how nasty the system overall)…” – Milt
“We are better off: Opportunities for health, wealth, energy, robots, AI. See Rational Optimist. That said, fiat currency never ends well so financial upheaval is inevitable and will be painful” – Jeff
“Other than that, Mrs. Lincoln, how did you enjoy the play?” – Lee