Welcome to the Thirty Day Security Challenge (3DSC) 2.0! This post contains links to all posts in the Thirty Day Security Challenge: a series of bite-sized daily tasks that will make you more private and secure.
Thirty Day Security Challenge Part 1: Basic Computer Security
The first major portion focuses on securing your local system. All of these steps could be considered “basic” but if you do all of these right, all the time, you’ll be a lot more secure than most. This portion is also important because without a secure foundation (your computer) none of the “advanced” steps are going to do you any good. If your computer has been compromised, encryption won’t save you. These steps lay that secure foundation:
- Keeping your operating system updated. Though not cool or fun, or even terribly interactive, patching vulnerabilities is inestimably important to the security of the system.
- Understanding and implementing the principle of least privilege by using Standard User accounts. Again, this is another “basic” step, but a very important one.
- Next, we reduced attack surface by performing an application audit. The audit should include getting rid of any programs that you don’t use (or that are too risky to use) and updating everything else.
- Scan your system with antivirus and anti-malware. Please realize that antivirus and anti-malware probably won’t protect you from high-level exploits like the techniques released in the CIA Vault7 dump. However, these tools are one more stumbling block for an attacker, and take you out of that “low-hanging fruit” category.
- Finally, we added full-disk encryption (FDE) through BitLocker, FileVault, LUKS, or VeraCrypt. This won’t stop you from getting malware or being remotely exploited, but it is the strongest protection available for local attacks against your data-at-rest. You should also enable FDE on your Android phone, and use a good passcode on your iOS device.
Thirty Day Security Challenge Part 2: Data-in-Motion
During this portion of the 3DSC 2.0 we transitioned to protecting data-in-motion.
- Install a Virtual Private Network (VPN). This is perhaps the single most important step you can take toward being more private on the internet. A VPN protects you locally against packet sniffing by hackers, the owners of the routers you connect to, and Internet Service Providers. I recommend a VPN at all times, on all devices. I have previously written detailed instructions for using Private Internet Access on Windows, Mac, Linux, Android, and iOS.
- Modify Firefox’s settings for privacy and security. As your ambassador to the internet, setting up your browser for maximum privacy and security is imperative.
- Next, in my first ever video post, I recommended you install and use NoScript Security Suite. This is absolutely the strongest browser protection you can use.
- To finish up with Firefox, I recommended some more security and privacy add-ons.
- And to round out the week, we installed a password manager. This is not really a data-in-motion task but it will make us much more secure next week when we begin securing online accounts.
Thirty Day Security Challenge Part 3: Online Account Security
The third part of the Thirty Day Security Challenge covered online accounts and some privacy-enhancing techniques.
- The foundation of online accounts is your email provider. The first step in securing them is to migrate to a private and secure email service.
- Next, you should change the passwords to your online accounts. Make them long, strong, and above all, unique. The password manager discussed in Part 2 will help make this easy.
- Enabling two-factor authentication should be the next step on your list.
- The next step is slightly advanced: create unique usernames for your online accounts. Usernames are the starting point for attacks. Making them unpredictable denies the malicious hacker a starting point. Again, the password manager is your key to success here.
- Finally, you should also clean up your digital clutter. All those unused accounts you have contain sensitive data. Delete it, and get rid of the accounts.
Thirty Day Security Challenge Part 4: Finances
The fourth break-out in the Thirty Day Security Challenge covers protecting your credit and related data.
- First, initiate a credit freeze. Nothing else compares to the security afforded by a credit freeze; it makes taking future credit out in your name a virtual impossibility.
- Next, request your free annual credit report. Space out the three free reports you get each year (one each from Equifax, Experian, and TransUnion), requesting one every 120 days. This will give you visibility on your credit year-round.
- Stop giving out your credit card information by using private payment methods. These will allow you to give out one-time-use credit card numbers that are worthless if stolen.
Thirty Day Security Challenge Part 5: Mobile Device
Part five of the Thirty Day Security Challenge focuses on securing your smartphone and the communications from it.
- The first step, predictably, is to ensure your phone’s OS and all the applications on it are updated.
- Part II of this portion deals with device encryption and passcodes.
- After updating and encrypting your device, you should lock down some other basic security settings.
- Next, protect your communications by using encrypted alternatives to standard text, voice, and video-telephony apps.
- Finally, obscure your phone number. Because of its usefulness as a personal identifier, this is an incredibly important part of comprehensive privacy and security.
Thirty Day Security Challenge Part 6
The final parts of the challenge are “miscellaneous” steps. They are important, but might not fit neatly into another category.