Despite many of the recent high-profile security breaches – from Target’s credit cards, to Edward Snowden’s extravaganza, to further leaks of the NSA’s spying capabilities – major changes still have not taken place in most individuals’ digital habits.
While the average person implicitly understands the difference between sending a postcard and an envelope, most eyes glaze over at the thought of encrypting their email or web traffic. Just like a letter without an envelope can be read by everyone in between, an email or web page that is not encrypted can, and will, be read by everyone who gets their hands on it. In addition, each person who handles that email doesn’t just read it, but copies it several times into various archives. The email archives and logs are often stored for years or decades.
Follow these simple guidelines to keep yourself more secure online.
HTTPS – Secure Web Browsing
If the website you are visiting says HTTP in the address bar instead of HTTPS, every single action you take is open and visible. The S stands for secure – it means that every piece of traffic will be encrypted and verified. Sending private information – anything that you would not want to share with a random stranger, or have published in a newspaper – should be done with HTTPS instead of HTTP.
Note: Most browsers show a little “lock” icon next to the address bar if the connection is encrypted.
Limit Web Browsing and Phone Use at Work or Public Places
It’s a safe bet that every website you view at work will be recorded on the company server. Most businesses can see how much time you spend on websites, exactly which sites you visit, and what you do there. Any email you send, even if it is deleted, will likely be stored in several places – whether it is the spam filter, the email archive, or the cache.
In addition, phone call logs are almost always stored and saved somewhere. The IT Admin can find out exactly who you called and who called you. The phone logs, email archives, and web browsing logs are often reviewed when employees are terminated.
If you think that you are not important enough for IT to spy on you, think again. With the advent of Big Data, it is extremely easy to see exactly what people are doing on the network. The technology already exists for managers to receive monthly automated reports of web and email use by their employees.
It’s absolutely fascinating that, despite the widespread availability of fast and efficient encryption algorithms, very few emails are encrypted. Unfortunately, this is one area that still does not have a good solution for most individuals. Using PGP, you and a friend could share encrypted emails; however, the recipient would need to have the same software setup as you in order to decode the email.
Right now, the best solution for sending encrypted information is to use software like 7-Zip to create a password-protected Zip file with a long password. Once you send the file, be sure to give the recipient that password over the phone, so that it is not sent in the email. This will make sure that, even if the email is archived and stored, the data inside the Zip file will stay protected.
Build Secure Software
Many software companies think of software security as an add-on at the end of the development process. Be sure that you don’t become another newspaper headline by following at least these guidelines when building software:
- Encrypt all relevant confidential data
- Use non-reversible encryption (one-way hashing) wherever possible
- Never rely on security by obscurity. Be sure that no user has access to anything they don’t explicitly need, be it through the front-end, the application server, or the database.
- Perform security and vulnerability scanning with automated tools
- Perform a manual security audit at regular intervals
Although many more advanced techniques exist to safeguard information, following these basic guidelines will get you started on the road to digital security.
Written by Andrew Palczewski
About the Author
Andrew Palczewski is CEO of apHarmony, a Chicago software development company. He holds a Master's degree in Computer Engineering from the University of Illinois at Urbana-Champaign and has over ten years' experience in managing development of software projects.