“The hacker didn’t succeed through sophistication. Rather, he poked at obvious places, trying to enter through unlocked doors. Persistence, not wizardry, let him through.” The Cuckoo’s Egg.
Clifford Stoll, in his 1989 book, The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage, described his hunt for a computer hacker who broke into a computer at the Lawrence Berkeley National Laboratory. It started with a 75 cents error in computer usage accounts. One take-away from this early story of computer hacking is that Dr. Evil and his minions more often succeed through trial and error than brilliance. They walk through an unlocked door.
This brings us to the need to encrypt the internal disks on your digital devices. If you fail to do so, and your device is lost or stolen, your data is there for the taking. I very strongly recommend that you enable Full Disk Encryption (FDE) on all your devices. Don’t leave the door unlocked.
For Microsoft Windows, many versions of the operating system come with Bitlocker. It’s well integrated, easy to enable and provides strong protection. If it’s not already enabled, follow the instructions at: https://support.microsoft.com/en-us/windows/device-encryption-in-windows-ad5dcf4b-dbe0-2331-228f-7925c2a3012d .
Make sure you keep a copy of the Bitlocker recovery key in your Password Manager or Microsoft account (I recommend saving your recovery key in your Password Manager.) See: https://support.microsoft.com/en-us/windows/back-up-your-bitlocker-recovery-key-e63607b4-77fb-4ad3-8022-d6dc428fbd0d .
If Bitlocker is not available on your version of Windows, consider upgrading to Windows Professional. If this is prohibitively expensive, encrypt your drive using VeraCrypt. Make sure you generate a Rescue Disk image. You can find instructions on the website at: https://www.veracrypt.fr/en/Home.html
For macOS, the operating system includes FileVault. Make sure it’s turned on and save the recovery key in your password manager or iCloud. You can find instructions at: https://support.apple.com/guide/mac-help/protect-data-on-your-mac-with-filevault-mh11785/mac .
Full Disk Encryption for iOS is enabled by default and you can’t disable it.
If you set up a lockscreen, Android devices will encrypt your data. See: https://www.androidauthority.com/how-to-encrypt-android-device-326700/
Caution: To keep a sophisticated hacker from stealing your data if they get their hands on your device, the device needs to be powered down. If your device is stolen while it’s on or in sleep mode, Dr. Evil can bypass your screen lock and defeat disk encryption.
Our friend Alice, being a responsible IT professional, enabled Bitlocker on her business PC and FileVault on her MacBook. She knew her iPhone was encrypted by default. She saved the Bitlocker and FileVault recovery keys in her password manager.
Bob encrypted all three disks on his PC with VeraCrypt and created Rescue Disks. He kept the Rescue Disks in his sock drawer. He set a lockscreen on his Android phone to encrypt the internal drive.
Easy peasy!
***
I hope you’ve now implemented your strategy for backup and recovery, password management, anti-malware protection and full disk encryption. If you’ve done so, congratulations! Your security posture has surely improved. We’ve also discussed freezing your credit report, strategies for not getting scammed, and the hazards of social networking.
At this juncture, I repeat a caveat from the second post. Take one step at a time. Don’t change everything at once. Work with a new product or process until you get used to it, and before you make another significant change. You may find it useful to write down what you changed just in case you want to return to a prior configuration.
In the next several posts, I discuss additional actions you can take to improve your privacy. Onward!
Information provided in this post is subject to the disclaimer in the first post of this series.