The 10 Immutable Laws of Personal Security on the Internet

August 13, 2015 — by Carl Herberger

There have been a number of unbelievable data breaches lately, and I have been fielding a ton of questions from friends and colleagues who are genuinely worried about their personal information and want to do better at securing their digital lives. To provide some guidance on making better security decisions on the Internet, I have honed these ten immutable thoughts on consumer-level security:

1. Consider it public.

Unencrypted data stored in the cloud should be considered public even if you believe it is not.

2. Encryption of data should be accomplished by the data owner.

Do not depend on the caretaker. If the caretaker also encrypts, that’s a bonus! Encryption can be done easily by buying encryption programs, leveraging open source, or, even better, if you are a business, developing your own technology – it really isn’t hard!

3. Encryption of data should be as unique as possible.

Standard encryption is an oxymoron and the origin of many data spills. It may consist of outdated methods that have been around since the 1970s! The whole concept of encryption is that few people understand the codes, and it is even better if they don’t understand the algorithms. Ideally, encryption is ‘need to know.’ In our world of perverted security through standard approaches, we have departed from the foundation of the need for encryption.

4. Change your security model routinely.

Every time you prepare your personal taxes, you should change your security model. This consists of changing passwords, changing operating systems or versions, changing security vendors, changing as much as possible. Changing your architecture is a lot of work, but in the long run your departure from the old and adoption of the new will serve you well. The reason? The effectiveness of any security model can decay over time. Consider churning your credit card provider too – this is a very powerful technique for avoiding scams and fraud.

5. NEVER trust a site with anything less than two-factor authentication.

The more you can combine the following attributes to authenticate into a website, the more secure it is:

  1. a password (something you know)
  2. a token or device such as a USB fob (something you have)
  3. biometrics such as fingerprints (something you are)
  4. voice recognition and technology that leverages geo-location (somewhere you are)

6. Turn your computer off when not online.

Why? Because one can’t access a computer that is off. True, soon they will be able to turn on a computer that is off, at which point we will need to disconnect cords, etc. However, today it is sufficient to turn off your computer.

7. Avoid using popular, standard or free software.

The more standard (such as Windows, Adobe, Android, Apple, etc.) and open a piece of software is, the less secure it is. The more unique, closed and arcane, the more secure. An example of closed, unique and arcane software is something developed internally at your company, whose workings or attributes few outside the company understand.

8. Ease of use is a foe of security.

Avoid the easy route and encourage obstacles. Obstacles to you are also obstacles to potential perpetrators and data thieves.

9. Pay attention to the grey areas.

Grey is where the black hat hackers (bad guys) lurk. So if you don’t have clarity around the security of something (e.g. cloud explanations), you don’t have security.

10. Trust, but verify.

Require your vendors to prove the security of data. Constant downtime of a vendor translates to a broken vendor with bad security. Use outages as an excuse to get updates from your vendor relationships – including your banks!

Your daily security activities can lead you far and wide from the foundational principles of security. Understanding the key principles of security will assist in architecting and directing your security controls.

What is clear is that the pace and ferocity of threats will continue to expand. Understanding the intent of security principles is more powerful than the security elements themselves. Consider constantly sharpening your “saw” to implement defenses in concert with these principles, and don’t become beholden to established vendors or technical solutions.

Carl Herberger

Carl is an IT security expert and responsible for Radware’s global security practice. With over a decade of experience, he began his career working at the Pentagon evaluating computer security events affecting daily Air Force operations. Carl also managed critical operational intelligence for computer network attack programs to aid the National Security Council and Secretary of the Air Force with policy and budgetary defense. Carl writes about network security strategy, trends, and implementation.

6 comments

  • Wild Fig Media

    August 25, 2015 at 8:29 am

    “The first rule for internet security is that there is no internet security”
    Interesting article, and the items you mention cannot be highlighted enough; many of us have become far too complacent.

  • David Hobbs

    September 3, 2015 at 12:00 am

    Great article. Well thought out and what you say about encryption needs to resonate to larger audiences. I couldn’t agree more.

  • Jordan @ Intel Security

    September 6, 2015 at 6:08 am

    Thank you very much for your kind information. I think it should be helpful not only for personal security but also business security. Using this way anyone can secure his/her important documents and also business policy. Absolutely, I used this system in my business to secure all my data and documents.
    Thanks
    Jordan

  • Radware

    September 9, 2015 at 7:55 pm

    Thank you for your comments. We agree that these rules can also be very helpful with businesses. In fact, you have inspired some new blog topics for us. How do you leverage the 10 Immutable Laws in your business?

  • Reynaldo

    October 11, 2016 at 5:42 pm

    I enjoy your writing style; really enjoying this site.