Saturday, May 26, 2018

Privacy Practices and Secure Communications to Mitigate Attack Risk



It’s a common misconception that privacy concerns are only for the paranoid or those with something to hide. In reality, having greater privacy is often a prerequisite to having greater security.

If your information is made private, it’s a lot harder to compromise.

Hackers need something to bite on in order to take a chunk of your life or business and tear it to shreds. Don’t give them that initial morsel. Do all you can to step into the shadows.

A few simple methods to help prevent attacks include having better privacy practices and avoiding phishing tactics.

Best Privacy Practices for Companies

The methods described here apply to both individuals and corporations of all sizes. Here are a few things that can be done to make some of the actions of your company more opaque:
·       Use DuckDuckGo as your default search engine. DuckDuckGo does not track its users, meaning there will be no trace of what your employees search for. This will alleviate some concerns over corporate espionage. In addition, DuckDuckGo generally yields better research results than most other search engines.
·       Use Protonmail for all company communications. Protonmail is an encrypted email service based in Switzerland. Free accounts come with up to 500 megabytes of storage. Emails sent to these accounts cannot be seen by outside sources. Encrypted emails also come with the option of setting an expiration date – meaning they will delete themselves without a trace after a set amount of time, from one hour to twenty-eight days.
·       Use Signal 2.0 for all cell phone communications. Signal allows for the same kind of security provided by Protonmail, but for texts and voice calls. Just as with encrypted emails, encrypted texts can be set to self-destruct after a time.
Better privacy practices won’t solve all your problems. But they are a big step in the right direction.

Privacy Practices and Detection



If you can’t prevent an attack, you need to at least know it’s happening. If not, there’s no end to the damage that can be done. Many corporations and nearly all individuals have no detection whatsoever.

Take the National Security Agency (NSA), for example. For months, Edward Snowden was opening classified documents and downloading them.

He managed to escape undetected the entire time. An insider threat escaped the awareness of the NSA due to poor detection. How can you prevent this from happening?

StationX Canary Tokens allow you to create files that will act as trip wires for unauthorized access to your data. If someone opens a Canary Token, you will receive an email notification immediately. This lets you know someone has been poking around in your system.

While it’s ideal to not get compromised in the first place, having adequate detection ensures that you can mitigate the damage done by an attacker. After receiving news that you have been hacked, you can shut down all systems, preventing further intrusions.

Phishing and Privacy Practices

Most of the time, however, detection won’t be much of a concern.

Hackers have figured out that the best way to gain access to a system is to go straight to the source via social engineering. Hackers have begun to turn into amateur spies worldwide.

The majority of successful hacking today is not done by means of some sophisticated computer program or network attacking technique.

It’s simply accomplished by using phishing tactics.


Educating employees about phishing is one of the simplest and cheapest ways for companies to prevent attacks. Many organizations have already begun incorporating such education into their standard training programs.

Phishing emails, phone calls, and websites are the most common techniques used by hackers.

Emails

Never click a link or download an attachment in an email without being 100% certain that it’s from a trusted source.

In fact, it’s best to not even open emails unless you can tell they’re from someone you know. Be sure to check the address the message was sent from. A common tactic is to use a name from your contacts with a single letter changed.

Another way to help avoid this is to use separate email addresses for your inbox. Give one address out for general purposes and another for strictly business.

This way, if an email comes from your general address, you will know to be on high alert for anything suspicious.  

Make it a rule to never click a link or download an attachment in an email, period. This shouldn’t be hard to do.

With cloud storage, you don’t need to send email attachments as often as in the past. And you can always find a link on your own rather than trying to go there directly through the email.

Phone Calls

Phone calls are a more sophisticated form of social engineering. A caller might impersonate someone higher up the corporate ladder and ask for sensitive information.

Again, the easiest way to avoid this is to make it a rule to never share information whenever possible. Verify the source, and then see if there’s some other way to do what’s needed.

Fake Sites

Fake websites are perhaps the most difficult phishing traps to avoid. They can look exactly like the real thing. It’s even possible for an attacker to obtain a valid SSL certificate for a lookalike site, so the padlock icon in the address bar is no guarantee of authenticity.

The only way to avoid these attacks is to constantly check the web address word for word. If anything appears to be off, don’t enter any personal information. In addition, most browsers and anti-virus programs have features that will warn you of potentially fake sites.
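As an added example (not code from the original post or from any product it mentions), here is a small Python script that automates the two checks described in the Emails and Fake Sites sections: it compares the address in a message's From header against your known contacts to catch a single changed letter, and it compares a link's host name word for word against the sites you actually log in to. The trusted contacts, trusted sites and sample inputs are constructed for illustration; the script goes slightly beyond the text by also flagging a trusted name buried inside another domain and internationalized (`xn--`) labels, which cannot be compared word for word.

```python
"""Lookalike checks for sender addresses and link host names.

Added example, not part of the original post. TRUSTED_CONTACTS,
TRUSTED_SITES and every sample value below are constructed.
"""
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample data: people you correspond with and sites you log in to.
TRUSTED_CONTACTS = {"alice@examplecorp.com", "payroll@examplecorp.com"}
TRUSTED_SITES = {"examplebank.com", "mail.examplecorp.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character insertions, deletions or substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, trusted=TRUSTED_CONTACTS, max_distance: int = 1) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a From header value.

    The display name is ignored on purpose: a phishing message can carry the
    real name of a contact while the address underneath differs by one letter.
    """
    _, address = parseaddr(from_header)
    addr = address.strip().lower()
    if "@" not in addr:
        return "unknown"
    if addr in trusted:
        return "trusted"
    local, domain = addr.rsplit("@", 1)
    for known in trusted:
        k_local, k_domain = known.rsplit("@", 1)
        # Near-identical mailbox at a near-identical domain: one changed letter somewhere.
        if (edit_distance(local, k_local) <= max_distance
                and edit_distance(domain, k_domain) <= max_distance):
            return "lookalike"
    return "unknown"


def classify_site(url: str, trusted=TRUSTED_SITES, max_distance: int = 1) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a link, judged by host name only."""
    if "://" not in url:
        url = "https://" + url  # bare host names as typed into an address bar
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    if not host:
        return "unknown"
    if host in trusted:
        return "trusted"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "lookalike"  # internationalized label: cannot be checked word for word
    for known in trusted:
        if host.endswith("." + known):
            return "trusted"  # genuine subdomain of a trusted site
        if known in host:
            return "lookalike"  # trusted name used as a prefix of some other domain
        if edit_distance(host, known) <= max_distance:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed samples of what an inbox or a link-checking hook might see.
    for header in ["Alice <alice@examplecorp.com>",
                   "Alice <alice@examp1ecorp.com>",
                   "bob@othercorp.example"]:
        print(f"{header!r:45} -> {classify_sender(header)}")
    for link in ["https://login.examplebank.com/",
                 "https://examplebank.com.login-verify.net/",
                 "https://examplebank.co/",
                 "https://unrelated.example/"]:
        print(f"{link!r:45} -> {classify_site(link)}")
```

A "lookalike" verdict is the signal to stop and verify through a channel you already trust, exactly as the text advises; "unknown" simply means the address or site is not one you have vetted. Plain Levenshtein distance does not count a transposition of two adjacent letters as a single edit, so raising `max_distance` to 2 catches swapped letters at the cost of more false positives.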

No Cause for Concern with Good Privacy Practices



Using encrypted communication, having some detection set up, and avoiding phishing will go a long way towards achieving freedom from many of the most common cybersecurity concerns. It will also mitigate the damage that can be done in the event of a successful attack.
