[Tech Tuesday] Personal Information Security #2: Have your ducks in a row.

in #technology7 years ago

Last week I started a series on How to Apply Industry Security Controls to Personal Information Security. It's a list of 20 Critical Security Controls used by corporations to secure their digital and information assets. While some of those controls require deep technical knowledge and a huge budget for a highly paid staff and sophisticated software, ordinary people can still benefit from the underlying principles.

Here's Part1 if you missed it.

Recap

In part 1, we discussed about keeping track of authorized devices and apps and how you need to prevent unknown devices from having access to your network. Doing that reduces your risk of intentional attacks and unintentional exposures.

Security Controls 3,4 and 5.

This week we'll discuss the next three critical controls.

#3. Secure Configurations for Hardware and Software
#4. Continuous Vulnerability Assessment and Remediation
#5. Controlled Use of Administrative Privileges

CIS describes the first 5 CIS control as a means to

"Eliminate the vast majority of your organization's vulnerabilities"

I'd like to rephrase it as

"Having your ducks in a row and make sure you're not vulnerable or exposed."


1

Let's discuss each of these controls:

Control #3 - Secure Configurations for Hardware and Software

  • Hardware refers to devices both mobile and well.. not mobile. I don't remember the last time I heard someone use the term software. Nowadays it's just 'apps'. Security doesn't just mean you have something stored in a big vault with a three-headed dog guarding it.


2

Security of information means it's confidential, intact (integrity), and available. I'll make a separate post about information security in general but for now we'll just settle with that rough description. So control #3 recommends that you 'secure' your device and your apps settings. You mean my password? Yes, but not just that. So what settings am I talking about?

Some hardware settings you need to secure:

  1. Router settings. Most are shipped with default settings and passwords. If you don't change it, anyone can login to the console and make holes or exploit vulnerabilities.
  2. Mobile device backup/recovery settings. These are the information you provided so you could restore your device from backup in case of hardware failure or lockout. What good is a crypto wallet for if it and all it's related info are in a device you can't access.

Some software settings you need to secure:

  1. Your AppleID or google ID.
  2. Your crypto wallet settings. Master seed, addresses and private keys.
  3. Recovery email address, mobile numbers, and security questions.


3

Control #4 - Continuous Vulnerability Assessment and Remediation

In the industry we either hire consultants (aka white hat hackers), do it ourselves with the use of special security software.
For the ordinary user, start by keeping updated on news about the security of your important or critical apps.

Here are some news items on vulnerabilities for both apps and devices:

https://cointelegraph.com/news/jaxx-wallet-vulnerability-users-report-400k-funds-thefts
http://appleinsider.com/articles/17/04/12/apple-secretly-patched-iphone-vulnerability-allowing-unauthorized-collection-of-sensor-data
http://www.computerworld.com/article/2936346/byod/samsung-swiftkey-mitm-itbwcw.html
https://appadvice.com/post/security-vulnerability/737617

Once you learn about a potential security flaw for your device or app, study and apply the recommended remediations.

Control #5 - Controlled Use of Administrative Privileges

In the professional IT world, this means you only use your admin/root passwords when really necessary. Otherwise just use your normal accounts. The reason for this is the more times you use a very sensitive account, the higher chances there are of it being intercepted, left running in an open terminal and abused by another user, etc.

This control may not be applicable for ordinary people but the principle is the same. Be mindful of when you input your passwords. Make sure you know the site is authentic before you input your passwords. Don't just type in your account and password every time a window pops up asking for it. This post discusses how the private keys of Steemians have been harvested because they pasted it in the memo field:

https://steemit.com/steemit/@noisy/we-just-hacked-11-accounts-on-steemit-1158-sbd-and-8250-steem-is-under-our-control-but-we-are-good-guys-so

Summary

Security need not be complicated. Just remember, keep your ducks in a row, be mindful, take the necessary precautions.

Keep your device and app settings safe, keep updated on security news about your apps and devices, and be judicious when keying in your passwords and other important information.

I hope this series is helpful. Let me know your thoughts and reactions by leaving your comments.

Til next time. Mabuhay, Steem!

@cryptokash

#techtuesday #philippines #steem
7 years ago in #technology by
$2.82
  • Past Payouts $2.82, 0.00 TRX
  • - Author $2.36, 0.00 TRX
  • - Curators $0.47, 0.00 TRX
52 votes
Reply 1
Sort:  
  • Trending
    • [-]
     7 years ago 

    Thanks for the vote @minnowsupport & @pagandance!

    $0.00
      1 vote
      • and 1 more
      Reply

      Coin Marketplace

      STEEM 0.20
      TRX 0.12
      JST 0.028
      BTC 64097.37
      ETH 3476.43
      USDT 1.00
      SBD 2.53