What are we going to do?
First, we are going to change our perspective and understanding of today’s technology-centric environment.
Why are we going to do it?
Because we are shedding light on what technology is from an exploitation perspective. After reading the following suggestions, you will be empowered with a new understanding of your digital identity and why you should protect it.
How frequently are we going to do it?
Well, every day, mentally, and as the situation warrants, from procurement to implementation to sustainment.
How are we going to do it?
First, we are going to take inventory of all of the electronic devices in our Pattern of Life. This inventory should include your cell phones, laptops, email providers, and electronic login portals (social media such as Twitter, Instagram, Facebook and Snapchat, as well as bank portals). So, collect anything that provides insight into who you are and what you do, along with any data which, if it were to fall into the wrong hands, could be used against you. All of these pieces make up your digital identity.
From there, we are going to lock them down with the DAPE standard (Deny All Permit By Exception). Instead of “trusting” the technology provider’s default configurations designed to accommodate your interactional comforts, we are going to lock them down with the following:
- Passwords with more than 14 characters. (Because cyber criminals may guess anything shorter with easily available tools.)
- We are going to always incorporate 2FA (two-factor authentication), because we know that developing a strong password and changing it frequently is a challenge not everyone is able to undertake. So, the use of 2FA is a “Defense-In-Depth” approach, or failsafe, in the event someone does intercept your passwords. We prefer the use of a dongle over cell phone authentication because, simply put, compromising a cell phone is relatively easy.
- We ensure the email address assigned as the Recovery Email remains locked and secured in the same manner stated above. This avoids handing cyber criminals a low-hanging vulnerability. They know that people typically do not lock down their recovery emails as tightly as the main social media accounts we are attempting to protect.
After the above is done, always remember this: cyber criminals leverage vulnerabilities in older and outdated systems. Other than providing a functionality enhancement to a product, the main reason tech solution providers have “UPDATES” is to provide protection for previously exploited holes in the technology. With that said, we are going to always ensure that our electronic devices are UP TO DATE. This is accomplished by configuring the “Automatic Update Feature” on ALL of the electronic devices, operating systems, and applications we use.
In closing, you have to wear protection for all of the things you do on a daily basis with the internet. The way we accomplish this is by having Anti-Virus and Anti-Malware solutions on ALL tech we use. Keep those definitions up to date and never waver about their existence on your devices.
This has been a public service announcement by J. Tate, co-founder of bits&digits and Chief Alchemist at Exploitation University.