Thirty-Day Security Challenge Details

With just two weeks remaining before the start of the Thirty-Day Security Challenge, I am going to address a few questions I have been asked in the past week.  If you have additional questions or comments feel free to post them in the comments or contact me directly.

What will the Challenge cover?  I have been somewhat (and intentionally) vague on this, but several of you have emailed in asking what the Challenge will tackle.  I’m still going to be a little vague, but this should give you an idea:

  • Week 1 will focus on local security and some basic best practices for your computer.
  • Week 2 will begin dealing with online account and web browser security, and protecting your internet traffic.
  • Week 3 will continue with online account security and deal with some intermediate topics like encryption and system cleaning.
  • Week 4 and on will deal with some mobile device security and encryption, and some personal privacy issues.

Though each week has a sort of theme, the challenge is cumulative, and being engaged from the beginning is important.  If you can’t, don’t worry, and if something is not applicable to you feel free to skip it.

How can I follow the Challenge?  A few of you have asked for alternate ways to follow this month’s challenge.  Here are three:

  • Blog:  The easiest way is to come to the blog each day from March 1st through March 30th.
  • Mailing List: Several of you have asked for a mailing list.  I initially wasn’t comfortable with this because I am hesitant to become a repository of email addresses that I risk losing, but you guys have talked me into it.  I won’t email you for anything else, and this mailing list will be turned off when the Challenge is over.  The mailing list is coordinated through MailChimp, whose complete privacy policy states, “Your subscriber lists are stored on a secure MailChimp server. We don’t, under any circumstances, sell your lists, contact people on your lists, market to people on your lists, steal your lists, or share your lists with any other party, unless it’s required by law.”  Thanks to those who reached out and requested this – you know who you are! To get on the mailing list, contact me through the contact form.  Supply the email address at which you would like to receive daily updates.  Put “Thirty Day List” in the subject line and you will be added.
  • RSS Feed:  If you have an RSS reader you can follow the blog and the Security Challenge at https://operational-security.com/feed/.

What happens when the Challenge is Over?  Most importantly, you will be much more secure than when you started!  On my end, when the Thirty-Day Security Challenge is over I would love to hear your feedback.  Feel free to let me know what I did well and what could have been better.  Tell me your successes and failures.  Was there something you didn’t like?  Was there something I didn’t include but should have?  Within two weeks of the end of the Challenge I will post an after-action review based on your feedback.  I am very interested to hear how you all did, so please, don’t hesitate to chime in.

See you all in two weeks!

9 thoughts on “Thirty-Day Security Challenge Details”

  1. Frankly, I cannot wait for this to get started. I have been concerned with these issues for quite some time, but did not know what to do about them. I heard you on The Survival Podcast and am already taking action on some of your suggestions presented there.

    If I could request a few topics be included

    -Using Tails, Tor, etc
    -Checksums, signing, encrypted signature verification
    -How to set up a “secure”, encrypted laptop (Linux?) that is essentially a throwaway <$300
    -Encrypting on-line backups
    -Using encrypted email with a mobile device
    -Using prepaid debit cards along with Blur
    -Alternatives to protonmail as they have people on a waiting list
    I am sure I will think of others.

    1. Jim,

      I’m really glad you’re excited. I really hate to tell you this but March will be much more entry level (something tells me you are a little bit ahead of the curve). Even so you should learn something and it may be a good way for you to introduce your less security-conscious friends to digital security. If there is enough interest I may do this again soon with intermediate and advanced topics like you are asking for, and a video series is a possibility, as well.

      Thanks again for the interest – it really is encouraging,

      Justin

      1. Actually, I am pretty basic just awakened. I have a large digital footprint and looking to make it smaller and more opaque. I also “feel” like it is time to learn the lessons of Snowden, hacked Target, Facebook identity selling, etc. as well as more advanced techniques of digital camouflage.

        I guess I woke up one day when I was doing some searches for shoes all around the web including Amazon. I am used to those searches showing up as ads on web pages via cookies, so I regularly clear all browser history and cookies. Several days later after clearing my cookies, I see my Amazon searches for shoes show up on Facebook. Then, the same ads showed up on my tablet. I come to find out that there is cross platform tracking via a common key, in this case email address. Then, an obscure business colleague is recommended as a Facebook friend. Since I don’t post about my employer ever and changed jobs in the last two years, that means Facebook is accessing my contact list even though I disabled that function. Those were my “oh shit” moments. If they can tie these things together to market to me, what else are they tracking? Self-Defence implements and web-based bulk high speed projectile purchases? Giltery, inflation-protected, hard substances? Comments critical of potential future executive office holders from Arkansas or Vermont?

        So, I am advanced, but still learning basics. Don’t be afraid to talk down to me. After all, I just started doing checksum because you explained it so simply that I could understand it.

  2. One really frustrating thing is email spam. Spam is appearing at an increasing rate in my inbox and it seems to be based on sites that I have visited even if by chance. Just so tired of spam. Are there ways to deal with this? I assume using gmail or some such service is not the way to go.

    1. Virginia,
      The only “real” way to avoid spam is to stop giving out your email address. Each time you give it out when signing up for a new service, registering a new customer loyalty card, etc., it is added to databases and sold or spilled. If you are (understandably) frustrated with this there is, unfortunately, no way to reclaim that email address. Gmail will work, but I would recommend starting over with a new account and being very careful about giving it out. Keep your old one, transition all your real contacts and accounts to the new one and be very careful of giving it out.
      Sorry I don’t have a better fix, but I hope that helps!
      Justin

  3. Can you please address possible options to take after one has been hacked? I was one of the many victims of the OPM data breach, and there are many others such as the Target, Home Depot, etc. Also, what should we be looking for to see if our data has been sold or is being used improperly? Thanks and Semper Fi,

    1. Keith,

      This wasn’t a planned part of the 30-day series but I have some flexibility – I may try to work that in. You’re right – that is important. If I’m not able to get it in the Challenge, I will definitely cover this in-depth in a weekly post. Thanks for the feedback.
      S/F,
      Justin
