Computer Security Guide For High Value Targets

This guide aims to provide non-technical information about computer security with solutions that provide high level of security without sacrificing the convenience necessary for an everyday application. This guide assumes that you’re an everyday computer user and that you are familiar with basic computer vocabulary. You don’t have to be an advanced technical user to find this guide useful.

If you are the Chief Executive Officer, Chief Financial Officer, Chief Operations Officer, Vice President, board director, management, running your own company or anyone with a high ranking position with access to valuable business grade information…

..then you are a high-value target and the risk of getting targeted by a hacker is incredibly much bigger. Why?

You stand out from the crowd.
A successful hack will gain a lot more media attention.
Details about your person is a lot more available.
Your actions and political views may be known to the public.
You may have access to high value data.
Your data is more valuable which means more money for the hacker.

Also included in the high-value target category are celebrities, individuals living and working in the public domain, politicians, influencers and media personalities.

It is very likely that you are going to bring your laptop home from work and continue from there. This is fine, but your position is very likely to attract some extra attention from people with not so honest intentions on the internet and since you have access to such valuable information, you must take extra security precautions. In fact, since you are protecting business information, your mistakes are going to come at a greater cost than those of a private individual. Your mistakes can affect employees and possibly even their families. 

Cracking Security Is Very Hard

By following security procedures you’ve actually come a long way to towards protecting yourself and your data. Please understand that cracking security is very hard, time consuming and can be very heavy on resources. This is why a hacker most likely will try to bypass any security measure by taking advantage of human or software weaknesses instead. Cracking state of the art security such as encryption most likely will require the resources of governments or security agencies such as the NSA.

Setting Up For Security

Of course, the hackers are going to look for technical mistakes and weaknesses to begin with, which is why setting up for security is so important.  

But first, a little tip…

Placing Traps With Canary Tokens

This is a nifty and powerful little software that allows you to place traps on your computer that automatically will alert you. You can, for example, create a text file that you name ”passwords” and fill with fake information, run that file through Canary Tokens which will trig it. Now, whenever anyone is trying to access that file, you will be alerted. Use your imagination and give the files intriguing names. Spread the files on your hard drive and don’t be afraid to place them where your most sensitive files are. The point is to find out if someone unauthorised have access to them so that to can take the actions needed from there.

Moving on…

1. Securing your home network

Setting up the router

Your router is directly connected to the internet which means that it is constantly targeted by automated scans and exploit kits, even if you never see them. If unprotected, your network is very vulnerable.

Accessing the router control panel

To access the router control panel you have to go to your internet browser and enter the IP address of your router into the URL bar. The address usually is 192.168.1.1 but if it isn’t, it should be written physically on your router. Look for router address, router interface or gateway address. The username and password should be there as well. Oh, and you have to be connected to your wi-fi to be able to access the router interface.

Once you’re connected to the router interface, make sure that:

You have a strong router password

Something like ”Azqv-2Jis-3KYd-PqRs-5v0d” and never use the stock password.

SSID is disabled

SSID is the unique name that your router broadcasts so that you can identify it in the wi-fi list when you are trying to connect. If you disable this option, you won’t see the wi-fi in the list so you have to connect by manually entering the unique name and password. (Write it down before you disable this option) This makes connecting a little bit more complicated but at the same time much more secure.

WPA2 (or if available WPA3) encryption is enabled

This is the router encryption which makes sure that your traffic to and from the router is encrypted.

Remote access is disabled

Remote access allows for router management outside of your local network. Disable this option and only connections from inside your local network will be able to connect to your router management interface.

Firewall is enabled

Self explanatory

Router software is up to date

Self explanatory

Pro Tip!

Download and install free software ”Who’s on my wi-fi”. This software will detect all devices connected to a network and alert you whenever a new connection is made. You can set your own devices as ”known” so that you’re not alerted every time your own devices connect.

2. Securing Your Computer

Physical separation

Physical separation is one of the best ways of securing data and it simply means selecting physical devices for different tasks. A good starting point is to separate your business computer from your private computer. In this scenario it is forbidden to access anything private such as facebook on your business computer. The next level of security is to separate offline, online and private usage. This requires three computers but it provides a very high level of security. In this scenario you will use two computers for work and one for anything private. Work computer 1 will never see the light of the internet, you might as well remove the network card because you will never connect this one to the internet. Work computer number 2 is the one that you will secure and use when connecting to the internet. The less information that you store on this computer, the better. 

This type of physical separation security is only as strong as you make it, in other words, it’s important to never cross contaminate between devices. Discipline is key.

Keeping up to date with software

A hacker will always try to find ways around security measures because it’s much easier to take advantage of flaws than cracking security. Software bugs and code weaknesses is a great example of how hackers find their way into your system. Software developers are constantly improving and updating their code to provide a better security, this is why it is so important to always update software as soon as an update is available.

Firewall

A firewall is the first line of defence in your home network and it carefully monitors and controls all incoming and outgoing traffic. In your network there will be two firewalls, one host firewall and one network firewall. The host firewall is in your computer and controls all traffic to and from your computer. The network firewall controls all traffic to and from your home network and everything outside of that, such as the internet.

Anti-Virus

A good anti virus solution will provide a good basic level of security, it will scan files you download, detect harmful software before it does any damage, limit what can access your system from the internet, firewall and a bunch of security features. Make sure to get a pro anti virus solution.

Disc compartmentalisation

Disc compartmentalisation is a little bit like physical separation except that it is done virtually. Have you ever heard of hard disc partitioning? Partitioning is what disc compartmentalisation is about. A partition is done by virtually splitting your hard disc and creating divisions that offer separation between drives. This is an excellent way of increasing security and in the event of a breach, you will severely limit the damage. Windows and OSX have built in tools for creating disc partitions.

Encryption

Encryption is the method of which plain text is turned into what is called cipher text, a message that is scrambled into unintelligibility according to a particular algorithm – a series of well-defined steps that can be followed procedurally. Encryption singlehandedly is the best tool anyone can use to protect their data and it has to be applied to everything. If you have disc partitions you should apply encryption on a partition by partition basis, with a strong password, at least 24 signs for each partition. Most major operating systems have built in encryption tools that will help you with this process. Windows has BitLocker and OSX has FileVault2 and both are free tools. For file, folder and text encryption i recommend a tool called VeraCrypt.

The most important thing is to encrypt everything that is sent somewhere over the internet, i will talk more about this later in this guide.

To learn more about encryption read my detailed guide here. Check out my resources page for encryption tool tips.

Password manager

Passwords really are your first line of defence and therefor you must take them seriously. In your situation, regular password just won’t do it and i strongly recommend that you start using a password manager. The passwords necessary for sufficient security are going to be very tough to remember. This is an example of how your passwords should look like ”Azqv-2Jis-3KYd-PqRs-5v0d”. This password is made of 24 randomised signs that have no connection to my person of any kind. It’s very strong, but also very complicated to remember. This is why you must use a password manager.

Backups

Backups are boring but when the “shit hits the fan”, they are your best friend. A good practise is to store your important data on a security portable drive or thumb drive with encryption options. Put the drives in a secure place such as in a safe and remember to backup regularly.

3. Online Security

Know The Term!

Backups are boring but when the “shit hits the fan”, they are your best friend. A good practise is to store your important data on a security portable drive or thumb drive with encryption options. Put the drives in a secure place such as in a safe and remember to backup regularly.

Rogue Wi-Fi hotspot

An insecure Wi-Fi network that is often created by bad actors to steal or compromise sensitive data. These networks are easily avoided by using VPNs and end-to-end security.

End-2-End encrypted e-mail

E-mail is a tool that you are very likely to be using. It is also very likely that e-mail is where hackers will find their way in to your system. Mail is a popular attack vector because of the insecure nature of e-mail technology. When you send an e-mail it has to pass many servers and networks before it reaches it’s destination, this makes for a lot of vulnerabilities.

The solution is end-2-end encrypted e-mail which encrypts the content of messages locally on your computer or device before the message leaves the device, only allowing the senders and receivers to read it. This means that even if someone is intercepting your communication, they cannot read it because the encryption has already taken place. 

VPN

Depending on your company security situation you may or may not have a VPN tunnel set-up for secure remote access to company servers. Either way, a VPN is a must have when communicating sensitive information over the internet.

A VPN solves the problem of sending sensitive information over the internet by creating a secure connection and encrypting it. This way, even if your traffic is intercepted, it is unintelligible to anyone trying.

VPN’s are very easy to use and if you haven’t already, ask your company for VPN details.

Leave a Reply

Your email address will not be published. Required fields are marked *