A Logical Approach to YOUR Security: Five Questions

Security and privacy are such big (heavy) topics that many might feel overwhelmed by everyone telling them “you have to do this (or that)”.  I’d like to encourage you to take the useful approach of asking yourself five questions:

  1. What private information do YOU want to protect?  What do you CARE about, that would cause you distress if it were to be made public?  Each of us has a private life that our co-workers or even our families might not fully know.  Perhaps we just want to protect our life savings against theft.  Or perhaps we are just creeped out by the unbounded ways corporations track our searches and behavior.  Are you a victim of domestic abuse or bullying, and need a confidential way to seek help?
  2. Who do you want to protect your information FROM?  Russian or Chinese hackers?  Your own family?  Your nosy neighbor?  The appropriate solution is very different for each of these “enemies” or threats.
  3. What is the likelihood of your concern occurring?  If you keep a handwritten diary on a ranch in Wyoming, it is rather safe from people far away unless they travel to your location.  If you do not use a PIN on your smartphone and routinely leave it at random places (library, coffee shop), it seems likely that anyone might see anything you have on the device.
  4. What are the consequences of the disclosure you seek to prevent or protect against?  Corresponding with a dissident in an oppressive regime without using secure/private methods might get them arrested or executed.  Insecure communications supporting undocumented immigrants simply notify authorities of the date, time, and location of appointments where they can be picked up and deported.  Many of us will only be inconvenienced rather than harmed: unauthorized credit card purchases will simply be refunded (debit card purchases? who knows?), there may be some public embarrassment, but life resumes.  Failure to protect company secrets and intellectual property can lead to failure and bankruptcy; the death of a company is not a trivial consequence.
  5. How much effort do you want to expend to achieve the above?  If you are avoiding your birthday party (“sorry, I have to change my passwords and it will take me all day”), or if the big worry cloud over your head makes every social interaction a miserable task (what if they take my picture and reveal my identity?), you might want to reconsider your priorities.  Eliminating your credit cards also empties your credit history, and lenders might see a lower credit score – why should they loan money to an unknown amorphous person with no history?

Each person will have their own answers to these five questions, and that should determine a plan of action for security and privacy.  We are inundated with “you must buy this software, it will fix everything” and “you must do this (scan your drives, patch everything) every day/week/month”, and most of them probably don’t work for you if you’re not clear on your five answers.

Once you have an idea of what is important, let me encourage you to do even a little thing, and take a small step to take back some of your privacy.  Ideally you might sign up for a free account at Protonmail and drop me a note at djilpmh@protonmail.com and we can chat.

By the way, security people call this a “Threat Model”, which only goes to show that you should not feel discouraged when you come across phrases you don’t know.  Sometimes it’s as simple as answering five questions.

I’ve shamelessly copied from EFF; their source information is https://ssd.eff.org/en/module/assessing-your-risks.  If you have the time, EFF has good resources worth browsing.